i  MeadWestvaco 
CIO  Jim  McGrane: 


“ITIL  allows  you 


to  measure  what’s 
important  so  you 
can  emphasize  the 
things  that  add  value 
and  take  out  the 
things  that  don’t.” 


SUPER  P 


How  the  IT  Infrastructure  Library  is  supercharg 
becoming  its  dominant  governance  framework 


BY  BEN  WORTHEN 


PLUS 

How  ITIL  stacks  up 
against  Six  Sigma, 

CMMand  Cobit 


ALSO 

CUTTING 
CORNERS  ON 
HOMELAND 
SECURITY 

TheUS-Visit 

Drogram: 

t  stayed  on  time, 
on  budget,  but 
may  not  protect 
our  borders. 

A  story  of 
compromise. 

Page  54 


JPMORGAN 

CHASE 

The  Pain  of 
Backsourcing— 
the  Inside  Story 

Page  64 


THOUGHT 

LEADERSHIP 


John  Hagel  and 
John  Seely  Brown 

on  the  transformative 
impact  of  loose 
coupling 


Page  34 


Jim  Cash  on  the 

importance  of  CIO 
outreach  to  external 


customers 

Page  38 


Captaris  is  Business  Information  Delivery 


A  Captaris  solution  is  probably  somewhere  in  your  organization. 
It's  in  data,  systems  and  workflows,  already  doing  its  job, 
so  embedded  that  it’s  easy  to  overlook. 

It  helps  existing,  disparate  technologies  talk  to  each  other 
so  content  is  accessible  from  any  source,  in  any  format. 


It  automates  workflow  processes,  freeing  your  talent  to  focus 
on  truly  important  tasks.  It  delivers  information  to  any  channel 
so  it  can  be  used  anytime  to  add  the  ultimate  value  to 
your  organization. 

That's  Business  Information  Delivery.  That’s  Captaris. 


Captaris  RightFax— Send,  receive  and  manage  enterprise  faxes  and  e-documents. 

Captaris  Alchemy-Archive  and  manage  any  type  of  fixed  content  for  compliance. 

Captaris  Workflow-Automate  business  processes  with  easy,  flexible  and 
integrated  workflow  solutions. 

Captaris  Interchange-Generate  and  distribute  high-volume,  individualized 
documents  independent  of  source  data,  format  or  delivery  method. 

The  Way  Information  Moves 

Our  products  are  ready  to  be  deployed  individually  or  as  a  whole  to  extend  your 
IT  investments  and  help  you  become  a  more  innovative  and  agile  global  competitor. 

Uncover  more  about  Business  Information  Delivery  at  captaris.com/BID. 


•>v 


The  Samsung  242MP  display.  Explore  more  of  what’s  out  there. 

One  look  and  you’ll  see  how  the  combination  of  a  computer  display,  a  television  and  a  radio 
can  become  your  ultimate  source  of  knowledge.  And  why  Samsung  is  the  leading  display 
brand  in  the  world.  So  when  you’re  serious  about  business,  turn  on  a  Samsung.  And  turn 
yourself  on  to  a  whole  new  way  of  seeing  things,  www.samsung.com/monitor 

©2005  Samsung  Electronics  America,  Inc.  Samsung  is  a  registered  trademark  of  Samsung  Electronics  Co..  Ltd.  .  . 

Screen  images  simulated.  ‘Global  market  share  leader  based  on  2004  iSuppli  Corporation  Rating.  ~  X  *.•  c ; ; 


SAMSUNG 


NETWORK 


EXPERTISE 


APPLICATIONS 


SERVICE 


The  largest  and  fastest 
national  wireless  data  network. 
The  largest  U.S.  provider  on 
the  global  standard. 


Our  people  and  partners 
make  wireless  work  for 
more  businesses  than  any 
other  wireless  carrier. 


The  broadest  and  deepest 
portfolio  of  wireless 
business  solutions. 


24/7  enterprise-grade 
support.  And  a  service 
staff  dedicated  solely  to 
business  people. 


I 


this  very  second 


helped  FedEx 
deliver  absolutely,  positively  faster. 


Cingular  connected  the 
FedEx  Ground  package 
tracking  system  to 
the  ALLOVER™  network, 
the  largest  digital  voice 
and  data  network 
in  America.  FedEx 
customers  can  now 
track  their  packages 
online  in  real-time.  For  FedEx,  Cingular  delivers  faster,  more  cost- 
effective  tracking  updates  and  even  greater  customer  satisfaction. 


CINGULAR  MAKES  BUSINESS  RUN  BETTER 


X  cingular 

raising  the  barr.iill 


Find  out  how  Cingular  can  make  your  business  run  better: 

CALL  your  account  representative  -or-  CLICK  cingular.com/businessleader 


Cingular’s  ALLOVER  data  network  covers  over  250  million  people  and  is  growing. 

Coverage  is  not  available  in  all  areas.  Global  coverage  based  on  coverage  in  174  countries.  Fastest  claim  compares  Cingular's  measured  speed  of  its  EDGE 
network  to  other  carriers’  speed  claims  for  their  national  data  networks.  All  marks  property  of  their  respective  owners.  ©2005  Cingular  Wireless.  All  rights  reserved. 


COVER  PHOTO  BY  JOE  HARRISON 


“To  run  IT  like  a  business,  you  need  to 
understand  the  key  services  that  go  into  it. 
ITIL  makes  that  work  visible,"  says 
Jim  McGrane,  CIO  of  MeadWestvaco. 


Customer  Relations 

YOUR  NEW  MARKET  MANDATE: 

MEET  THE  CUSTOMER  |  38 

Why  it’s  up  to  CIOs  to  ensure  that  their 
companies  are  focused  on  external  cus¬ 
tomers— one  at  a  time.  Column  by  Jim  Cash 
with  Keri  Pearlson 

Homeland  Security 

CHEAP,  FAST  OR  SECURE- 
PICK  TWO  ]  54 

Four  years  after  9/11,  the  United  States  has 
a  biometrics  screening  system  for  foreign 
visitors— US-Visit— and  we  got  it  on  time 
and  within  budget.  But  the  system  is  neither 
as  efficient  nor  as  airtight  as  it  could  be. 
Here’s  why.  Feature  by  Allan  Holmes 

IT  Value 

THE  JOY  OF  FLEX  |  34 

A  loosely  coupled  approach  to  business 
processes  and  IT  makes  it  much  more  possi¬ 
ble  for  companies  to  innovate,  both  within 
and  across  enterprises.  Column  by  John 
Hagel  and  John  Seely  Brown 

TERMS  OF  ALIGNMENT  |  74 

Zurich  North  America  Small  Business  CEO 
Ray  Thomas  believes  in  using  IT  to  drive  the 
insurance  company’s  goals  of  reducing 
transaction  costs  and  growing  its  stable  of 
insurance  agents.  A  “View  from  the  Top” 
interview  by  Elana  Varon 

more  » 


IT  Governance 

COVER  STORY  |  ITIL  POWER  |  46 

Why  the  IT  Infrastructure  Library  is  becoming  the 
most  popular  process  framework  for  running  IT  in 
America,  and  what  it  can  do  for  you. 

Feature  by  Ben  Worthen 


JOIN  THE  CONVERSATION  |  CIO.COM 

Last  spring,  online  columnist  Dean  Meyer  sought  to  decipher  ITIL  in  his 
Beneath  the  Buzz  column.  Comments  posted  to  the  story  furthered  the  dis¬ 
cussion  of  what  ITIL  is  (and  isn’t).  Find  the  link  at  www.cio.com/090105. 


tent 

SEPTEMBER/l/2005  I  VOL/18  I  NO/22 


C05 


www.cio.com  |  SEPTEMBER  1 


5 


content  (cont.) 


At  Zurich  North 
America  Small 
Business,  CEO 
Ray  Thomas  drives 
IT  investments  to 
help  the  company 
win  market  share. 


DEPARTMENTS 


Trendlines  |  23 

Wireless  |  A  Web  of  Safety 

Community  Service  |  The  House  That  CIOs  Built 

Career  |  The  Long  and  Congested  Commute  to 
the  Top 

Government  |  DHS  Revamp  Targets  IT 
Cybersecurity 

Disaster  Recovery  |  What’s  Shakin’? 

IT  Management  |  Watch  for  Pitfalls  When 
Applying  IT  Infrastructure  Library 

Management  Report  |  CRM  Gains  Ground  as 
Management  Tool 

Risk  Management  |  Warning!  Competition 
Approaching 

On  The  Move  |  IT  Drives  Corporate  Strategy  at  Ford 

Forum  |  80 

Open  Source  |  The  CIO  Executive  Council  shares 
ideas  and  insights  on  open  source. 

From  the  Managing  Editor  |  10 

Deep  Throats  |  Why,  when  and  under  what 
circumstances  we  use  anonymous  sources. 

By  David  Rosenbaum 

From  the  Publisher  |  84 

How  to  Sell  |  As  CIOs  are  tasked  with  helping  to 
grow  the  business,  they  need  to  become  adept  at 
selling  IT.  By  Gary  Beach 

Inbox  |  18 


Leadership 

RESEARCH  YOU  CAN  USE  |  42 

Help  the  IT  consultancies  understand  what  kind  of  research 
you  really  need  to  align  with  business. 

Column  by  Susan  Cramm 

Outsourcing 

BACKSOURCING  PAIN  |  64 

JPMorgan  Chase’s  decision  to  first  outsource  IT  and  then  bring 
it  back  in-house  stands  as  a  cautionary  tale  for  any  CIO  consid¬ 
ering  an  outsourcing  megadeal. 

Feature  by  Stephanie  Overby 


Index  |  86 

Executive  Summaries  |  88 


I  _ _ 

Wh(fi)t's  Hot  Online 


Senior  Writer  Meridith  Levinson  has  been  tracking 
personnel  announcements  about  CIOs  for  at  least 
three  years  on  CIO.com  and  in  the  pages  of  the  mag¬ 
azine.  But  now  she’s  sharing  the  ins  and  outs  of 
who’s  gone  where  and  who’s  out  in  her  MOVERS 
AND  SHAKERSblog. 

Find  the  link  at  www.cio.com/blogs. 


See  your  global  infrastructure  in  a  new  way. 


* 


CL’  ,  ■  :  1 

Most  applications  and  protocols  were  designed  to  run  locally.  Over  a  WAN,  they  grind  to  a  halt. 
That's  why  Riverbed  developed  a  solution  built  on  radically  new,  patent-pending  technology  that 
actually  delivers  LAN-like  performance  across  your  WAN.  Even  for  chatty  applications  that  can 
break  down  across  the  most  robust  networks. 

Riverbed's  proven  solution  allows  your'  enterprise  to  consolidate  IT  infrastructure  at  the  data 
center,  optimize  your  bandwidth  usage,  and  still  deliver  applications  and  data  over  your  WAN  - 
at  speeds  that  make  remote  data  feel  local. 

Find  out  how  Riverbed  can  accelerate  your  business.  Visit 

www.riverbed.com/info/cio  to  download  your  copy  of 
the  analyst  white  paper  "Wide  Area  Data  Services"  today. 

Or  call  us  at  1 -87-RIVERBED  to  get  started  right  away. 


-RIVERBED 


i  2005  Riveibed  Technology,  Inc.  All  rights  reseived.  Riverbed  Technology,  Riverbed,  Steelheod  ond  the  Riverbed  logo  oie  trodemoAs  or  regisTered  trademarks  of  Riverbed  Technology.  Inc. 


With  Sybase®  software,  Nielsen  Media  Research 
enables  customers  to  get  real-time  access  to  audience 
viewing  habits  through: 


s' 

U 


800%  faster  data  loads  for  increased  productivity 
during  maintenance  windows 

a  secure,  Web-based  interface  that’s  accessible 
24  hours  a  day  from  any  location 


G/  70%  data  compression  ratio  for  significant 
hard-cost  storage  savings 


When  viewing  trends  change  in  the  ultra-competitive  broadcast  industry,  Nielsen  Media  Research  and  their  customers  know  it  instantly. 
Because  they  have  an  information  edge  that  comes  from  using  Sybase®  10  -  a  powerful  data  analytics  engine  that  enables  their  clients 
to  analyze  more  data  in  more  ways.  Up  to  lOOx  faster.  And  Sybase  10  helps  Nielsen  provide  better  service  at  a  lower  cost.  It’s  an  edge 
that  only  we  can  deliver.  And  it’s  why  more  global  companies  are  tuning-in  to  Sybase  every  day.  www.sybase.com/infoedgel 


Copyright  ©2005  Sybase,  Inc.  All  rights  reserved.  Sybase  and  the  Sybase  logo  are  trademarks  of  Sybase,  Inc.  •  indicates  registration  in  the  United  States  of  America.  All  product  and 
company  names  are  trademarks  of  their  respective  owners. 


Sybase- 


FROM  THE  EDITOR 


Deep 

Throats 


Why,  when  and  under 
what  circumstances  we 
use  anonymous  sources 


: 


Nobody  likes  anonymous  sources. 

Reporters  don’t  like  them  because  an  anonymous  source  means  they  failed  to  persuade 
that  source  to  go  on  the  record.  Editors  don’t  like  them  because  they  know  that  an  asser¬ 
tion  carries  more  weight  when  it  has  a  name  attached  to  it. 

Defense  lawyers  don’t  like  them  because  the  anonymity  reporters  promise  sources  is  not 
protected  by  federal  law.  If  a  federal  court  or  special  prosecutor  demands  that  a  reporter 
reveal  the  identity  of  a  source— as  one  did  in  July,  sending  New  York  Times  reporter  Judith 
Miller  to  jail  when  she  refused  to  comply— the  reporter’s  claim  of  privilege  cannot  be  suc¬ 
cessfully  defended. 

Most  important,  readers  don’t  like  them  because,  well,  how  reliable  is  the  testimony  of 
someone  who  hides  his  face? 

So  why  do  we  use  anonymous  sources? 

Because  in  a  less-than-perfect  world,  it 
is  sometimes  necessary  to  use  less-than- 
perfect  means  to  arrive  at  some  approxi¬ 
mation  of  truth. 

Put  simply,  our  job  as  journalists  is  to 
find  out  what’s  happening  and  tell  you 
about  it.  Naturally,  individuals  and  organizations  are  not  eager  to  help  us  find  out  what’s 
happening  when  that  reflects  poorly  on  them.  In  those  cases,  a  reporter  who’s  doing  her 
job  well  finds  people  willing  to  talk— even  if  they’re  not  willing  to  attach  their  names  to 
their  words. 

To  mitigate  these  negatives  when  a  CIO  reporter  uses  anonymous  sources,  the  story’s  edi¬ 
tor  requires  that  the  information  be  backed  up  by  at  least  one  other  credible  source  telling 
substantially  the  same  story.  The  source  must  also  be  speaking  of  his  experience,  not 
another’s.  And  the  reporter  must  reveal  the  name  of  the  source  to  the  editor  and  convince 
the  editor  that  said  source  doesn’t  have  an  ax  to  grind. 

This  was  the  case  with  Senior  Editor  Stephanie  Overby’s  “Backsoureing  Pain,”  Page  64, 
about  JPMorgan  Chase’s  experience  in  canceling  an  outsourcing  arrangement  with  IBM 
and  bringing  the  outsourced  IT  back  in-house.  Overby  spoke  with  more  than  a  dozen  cur¬ 
rent  and  former  JPMorgan  Chase  employees  (some  for,  some  not  for  attribution);  she  col¬ 
lected  resumes  to  show  that  the  sources  were  currently  employed  in  good  jobs  (reducing 
the  concern  about  grinding  axes),  and  confirmed  data  from  other  independent  and  reli¬ 
able  sources. 

Using  anonymous  sources  is  not  something  we  like  to  do.  In  this  case,  we  felt  it  was  the 
only  way  to  show  the  impact  on  employees  of  massive  sourcing  shifts  and  the  negative  effect 
that  impact  can  have  on  your  business. 

The  fact  is,  as  the  Rolling  Stones  once  pointed  out,  you  can’t  always  get  what  you  want 
(a  person  on  the  record),  but  if  you  try  sometime,  you  just  might  find,  you  get  what  you  need 
(the  true  story). 


In  a  less-than-perfect  world, 
it  is  sometimes  necessary  to 
use  less-than-perfect  means  to 
arrive  at  some  approximation 
of  truth. 


David  Rosenbaum,  Managing  Editor 

drosenbaum(5)cio.com 


10 


SEPTEMBER  1 


2005  |  www.cio.com 


PHOTO  BY  WEBB  CHAPPELL 


After  a  long  drought, 


IT  JOBS  ARE  NOW 


GROWING. 


Now  that  the  IT  hiring  climate  is  finally  perking  up,  it's  important  to 
cultivate  the  right  connections.  And  that's  where  Robert  Half  Technology 
can  definitely  help.  With  over  100  offices  nationwide  —  staffed  with 
hiring  managers  who  really  know  the  IT  marketplace  —  we  have 
access  to  some  of  the  most  interesting  opportunities  and  cutting-edge 
technology  companies.  Plus  we  offer  competitive  pay,  great  benefits 
and  a  world-class  online  training  program.  So  whether  it's  contract 
or  full-time  opportunities  you're  after,  call  Robert  Half  Technology 
today.  And  watch  your  career  take  root  again. 


WE  GET  IT.  WE  SPEAK  IT.  WE  KNOW  IT. 


< 

< 

to 

to 

o 

o 

o 

o 

RH 

Robert  Half 

Technology 


Information  Technology  Professionals 


A  Robert  Half  International  Company 


800.793.5533  •  rht.com 


©  Robert  Half  Technology.  EOE  0405-4201 


73%  of  the  FORTUNE  100®  and  76%  of  the 
European  100  compared  business  collaboration  providers  and 

came  to  a  single  conclusion. 


Many  of  the  world's  most  successful  organizations  rely  upon  Sterling  Commerce  to  automate 
their  business  processes,  so  they  can  exchange  critical  information  with  their  trading  partners, 
subsidiaries  and  customers.  Reliably.  Securely.  And  regardless  of  the  application  being  used. 
Sterling  Commerce  delivers  the  first  platform  to  meet  all  the  complex  challenges  of  real-world 

BUSINESS  APPLICATIONS  /  BUSINESS  INTEGRATION  /  BUSINESS  I  N  T  |c 


©2005  Sterling  Commerce,  Inc.  ALL  RIGHTS  RESERVED.  Sterling  Commerce  and  the  Sterling  Commerce  logo  are  trademarks  of  Sterling  Commerce,  Inc.  Sterling  Commerce  is  an  SBC  Communications,  Inc.  company.  FORTUNE  IS 
A  REGISTERED  MARK  OF  Time  Inc. 


Obviously,  great  minds 
think  alike. 


multi-enterprise  computing.  Plus  over  30  years  of  experience  helping  companies  overcome 
the  technological,  cultural  and  security  issues  of  collaboration.  No  one  else  does  as  much, 
period.  Find  out  what  so  many  companies  already  know.  Speak  to  a  Sterling  Commerce 
representative  today.  Or  visit  www.sterlingcommerce.com 

GENCE  /  BUSINESS  PROCESS  MANAGEMENT  /  SOLUTION  DELIVERY 


sterling  commerce 


WHAT  WE  COVER,  WHOM  TO  CONTACT 

INDUSTRY  Enterprise  Resource  Planning  (ERP) 

Ben  Worthen,  bworthen@cio.com 


CHIB 

THE  RESOURCE  FOR  INFORMATION  EXECUTIVES 


president  and  ceo  Michael  Friedenberg 

editorial  director  Lew  McCreary 
publisher  Gary  J.  Beach 

EDITORIAL 

editor  in  chief  Abbie  Lundberg 
managing  editor  David  Rosenbaum 

MANAGING  EDITOR,  PRODUCTION 

Cheryl  R.  Asselin 

EXECUTIVE  EDITORS 

Alison  Bass.  Christopher  Koch, 

Edward  Prewitt 

Washington  bureau  chief  Allan  Holmes 
special  projects  editor  Mindy  Blodgett 
technology  editor  Christopher  Lindquist 

SENIOR  EDITORS 

Scott  Berinato,  Alice  Dragoon, 
Stephanie  Overby,  Elana  Varon 

SENIOR  WRITERS 

Meridith  Levinson,  Susannah  Patton, 

Ben  Worthen 

STAFF  WRITER 

Thomas  Wailgum 

CONTRIBUTORS 

John  Seely  Brown,  Jim  Cash,  Susan  Cramm, 
Grant  Gross,  John  Hagel,  Michael  Kanell, 
Keri  Pearlson,  Daniel  John  Robinson 

DESIGN 

EXECUTIVE  DIRECTOR,  ART  AND  DESIGN 

Mary  Lester 

art  director  Terri  Haas 

ASSOCIATE  ART  DIRECTORS 

Owen  Edwards,  Matthew  Goebel 

associate  designer  Neva  Tachkova 
design  operations  specialist  Rachel  Barnett 

COPY  TEAM 

copy  chief  Emily  S.  Henderson 

senior  copy  editor  Diann  Daniel 
copy  editors  Cathy  Mallen,  Carol  Zarrow 

EDITORIAL  ASSISTANTS 

Cassidy  Healzer,  Margaret  Locher,  Al  Sacco 

RESEARCH  &  PROJECTS 

research  editor  Lorraine  Cosgrove  Ware 

associate  research  analyst  Julie  Hanson 
special  projects  manager  Lynne  Z.  Rigolim 

ONLINE  EDITORIAL 

web  editorial  director  Art  Jahnke 

WEB  EXECUTIVE  EDITOR  AND  PRODUCER 

Janice  Brand 

web  editor  Sandy  Kendall 
web  writer  Paul  Kerstein 

% 

CXO  MEDIA  INC. 

INTERNATIONAL  DATA  GROUP 

CEO  Pat  Kenealy 

board  chairman  Patrick  J.  McGovern 


OCXO  Media  Inc. 


Automotive 

Edward  Prewitt,  eprewitt@cio.com 

Financial  Services 

Elana  Varon,  evaron@cio.com 

Health  Care 

Alison  Bass,  abass@cio.com 

Manufacturing,  Business-to-Business 

Christopher  Koch,  ckoch@cio.com 

Manufacturing,  Business-to-Consumer 

Susannah  Patton,  spatton@cio.com 

Public  Sector 

Allan  Holmes,  aholmes@cio.com 

Retail 

Meridith  Levinson,  mlevinson@cio.com 

Transportation 

Stephanie  Overby,  soverby@cio.com 

Travel/Leisure/Entertainment 

Alice  Dragoon,  adragoon@cio.com 


BUSINESS  & 

TECHNOLOGY 

Architecture 

Christopher  Koch,  ckoch@cio.com 

Customer  Relationship  Management  (CRM) 

Alison  Bass,  abass@cio.com 
Alice  Dragoon,  adragoon@cio.com 

E-Commerce,  Business-to-Business 

Christopher  Koch,  ckoch@cio.com 

E-Commerce,  Business-to-Consumer 

Meridith  Levinson,  mlevinson@cio.com 

Emerging  Technology 

Christopher  Lindquist,  clindquist@cio.com 


Book  Reviews 

Elana  Varon,  evaron@cio.com 

By  the  Numbers 

Lorraine  Cosgrove  Ware,  lcosgrove@cio.com 

Essential  Technology 

Christopher  Lindquist,  clindquist@cio.com 

Executive  Coach 

Edward  Prewitt,  eprewitt@cio.com 

Forum 

Cheryl  Asselin,  casselin@cio.com 

From  the  Editor 

Abbie  Lundberg,  lundberg@cio.com 

From  the  Publisher 

Gary  Beach,  gbeach@cio.com 


Integration 

Christopher  Koch,  ckoch@cio.com 

Leadership  and  Management 

Edward  Prewitt,  eprewitt@cio.com 

Legislation  and  Regulation 

Allan  Holmes,  aholmes@cio.com 
Ben  Worthen,  bworthen@cio.com 

Outsourcing 

Stephanie  Overby,  soverby@cio.com 

Project  Management 

Mindy  Blodgett,  mblodgett@cio.com 

Public  Sector  (Government  IT) 

Allan  Holmes,  aholmes@cio.com 

Risk  Management 

Allan  Holmes,  aholmes@cio.com 

Security/Privacy 

Scott  Berinato,  sberinato@cio.com 
Allan  Holmes,  aholmes@cio.com 

Staffing 

Stephanie  Overby,  soverby@cio.com 

Supply  Chain  Management 

Ben  Worthen.  bworthen@cio.com 

Value  and  Measurement 

Mindy  Blodgett,  mblodgett@cio.com 

Vendor  Management 

Scott  Berinato,  sberinato@cio.com 
Susannah  Patton,  spatton@cio.com 

Web  Services 

Christopher  Lindquist,  clindquist@cio.com 
Elana  Varon,  evaron@cio.com 

Workforce  Connectivity 

(Wireless,  Collaboration  Technologies) 

Thomas  Wailgum,  twailgum@cio.com 


Keynote 

Alison  Bass,  abass@cio.com 

Michael  Schrage 

Alison  Bass,  abass@cio.com 

On  the  Move 

Meridith  Levinson,  mlevinson@cio.com 

Peer  to  Peer 

Alison  Bass,  abass@cio.com 

Total  Leadership 

Elana  Varon,  evaron@cio.com 

Trendlines 

Elana  Varon,  evaron@cio.com 

Washington  Watch 

Allan  Holmes,  aholmes@cio.com 
Ben  Worthen,  bworthen@cio.com 


InBox 

Cheryl  Asselin,  casselin@cio.com 

e-mail  letters@cio.com  phone  508  872-0080  fax  508  879-7784  address  CIO  Magazine,  CXO  Media  Inc., 

492  Old  Connecticut  Path,  P.O.  Box  9208,  Framingham,  MA  01701-9208  website  www.cio.com  subscriber  ser¬ 
vices  866  354-1125  •  Fax  847  564-9453  •  E-mail  cio@omeda.com  reprint  services  Jesse  Levy  •  PARS  Interna¬ 
tional  •  212  221-9595  xl23  •  E-mail  jesse@parsintl.com  rights  and  permission  Andrew  Burrell  •  508  935-4785  • 
E-mail  aburrell@cio.com 


COLUMN  &  DEPARTMENT  CONTACTS 

! - - - - - ■ . - . 


1  4 


SEPTEMBER  1,  2005  |  www.cio.com 


“Guardian  uses 
Primavera 
to  run  IT 
like  a  business.” 


(^k)  PRIMAVERA 


—  Dennis  5.  Callahan,  EVP  and  CIO 

The  Guardian  Life  Insurance  Company  of  America 


“Since  2000,  we’ve  cut  our  IT  budget  30% 
while  increasing  the  level  of  service  to  our 
business  units. 


Guardian’s  IT  operations  are  business-driven,  not 
technology-driven.  Our  business  units  define  their 
business  needs,  and  those  needs  drive  IT  investment 
strategies  and  plans.  With  Primavera’s  solution  for 
project,  resource  and  portfolio  management,  we  can 
judge  every  request  and  project  in  progress  against 
how  it  meets  predefined  business  requirements. 

We  don’t  waste  money  on  projects  that  don’t  give 
us  the  best  business  return  on  investment. 


Now,  our  business  units  and  IT  have  the  same 
objectives,  the  same  agenda,  the  same  priorities. 
Primavera’s  software  solution  plays  a  major  role 
in  making  that  happen.” 


FORTUNE  is  a  registered  trademark  of  the  FORTUNE  Magazine  Division  of  Time  Inc. 


1 


We  re  inspired  by  the  human  side  of  data.  His  next  big  breakthrough,  a  masterful  client 
presentation,  even  an  e-mail  rant  on  Italian  coffee,  are  all  stored  as  data.  That’s  why  over  half 
of  the  FORTUNE  100  use  Hitachi  storage  technologies  to  protect  their  data,  and  his  opinions. 
From  the  smallest  Microdrive®  to  the  largest  SAN  solution,  Data  Storage  from  Hitachi. 


hitachiyourdata.com 


HITACHI 

Inspire  the  IMext 


READER  FEEDBACK 


InBox 


Consider  Open  Source 

CIOs  are  generally  a  cautious  lot, 

and,  many  times,  rightfully  so  [“Free, 
but  Not  Risk-Free,”  July  1].  Projects  and 
products  created  by  the  open-source 
community  have  matured  significantly 
in  the  past  three  years.  Scores  of  online 
and  offline  businesses  with  multimil- 
lion-dollar  annual  revenue  streams  are 
running  primarily— or  solely— open- 
source  software. 

For  most  of  our  businesses,  we  don’t 
need  to  jump  into  open  source  and  trust  it 
with  our  mission-critical  applications  on 
faith:  Most  of  us  run  proprietary  hard¬ 
ware  and  software  systems  that  can  be 
replaced— and  probably  improved— by 
open-source  operating  systems,  databases, 
application  servers  and  commodity  hard¬ 
ware.  It  doesn’t  take  long  to  examine  exist¬ 
ing  systems  and  see  where  we  could  use 
open  source  to  our  advantage  before  div¬ 
ing  all  the  way  in  and  hoping  our  “comfort 
level”  is  justified. 

STEVE  MCNALLY 

CIO,  Mean  Business 
steve@meanbusiness.com 


l 

Know  How  to  Sell 

As  I  read  Michael  Schrage’s  June  15 
article,  “Buttressing  the  Business,”  I 
found  myself  disagreeing  with  his  call 
for  IT  to  stop  selling.  Selling  is  what 
every  person  in  an  organization  does 
every  day.  The  best  salesperson  in  any 
company  is  the  one  who  occupies  the 
CEO  position.  If  the  IT  professionals 
with  introverted  personalities  do  not 
learn  to  sell  their  ideas  and  proposals, 
they  stand  no  chance  of  becoming  busi¬ 
ness  partners  with  others  in  the  organi¬ 
zation,  and  instead,  will  remain 
second-tier  utility  providers. 

Schrage  refers  to  selling  as  a  sleazy 
practice  involving  charisma  and  trickery. 
In  reality,  selling  is  the  ability  to  articu¬ 
late  your  business  proposal  and  then 
persuade  others  to  join  in  the  execution. 
Selling  has  nothing  to  do  with  charisma, 
especially  if  your  business  case  is  solid. 
The  article  failed  to  recognize  that  today’s 
organization  is  about  people— people 
with  agendas,  interests,  emotions  and 
ideas.  Only  the  art  and  science  of  selling 
and  persuasion  can  progress  and  execute 
ideas  in  an  organization.  By  asking  IT 
not  to  be  involved  with  or  hone  their  sell¬ 
ing  skills,  Schrage  is  sentencing  them  to 
become  second-rate  citizens  in  their  own 
companies  and  reinforcing  the  notion 
that  IT  “doesn’t  matter.” 

IT’s  future  is  in  driving  technology- 
focused  innovation  throughout  the  organi¬ 
zation  and  adding  measurable  value.  IT 
professionals  will  not  succeed  in  achieving 
these  goals  if  they  do  not  learn  how  to  per¬ 
suade  other  internal  business  partners  to 
adopt  their  innovative  ideas.  CIOs  should 
not  shut  up  and  smile,  as  Schrage  suggests. 
In  the  ideal  world,  CIOs  should  take  an 
active  role  in  identifying  new  business 
opportunities  and  proposing  initiatives 


and  selling  them  internally,  especially  if 
they  have  any  hope  of  making  IT  matter. 

LIOR  ARUSSY 

Author 

Innovating  IT:  Transforming  IT  from  Cost 
Crunchers  to  Growth  Drivers 
lior@strativitygroup.com 

Correction 

We  inadvertently  listed 
the  wrong  information  for 
Leslie  Lambert,  vice  presi¬ 
dent  of  IT  Service  Manage¬ 
ment  for  Sun  Microsystems, 
in  our  July  15  “33  Rising 
Stars”  list  of  honorees.  We  apologize  for 
the  error.  Her  correct  information  is 
listed  here: 

“Leslie  Lambert  is  a  star  example  of 
strong,  compassionate  leadership  through 
disciplined  focus  and  astute  balancing  of 
priorities,”  says  CIO  Bill  Vass.  “She  is  the 
person  you  want  to  trust  with  your  busi¬ 
ness-  and  life-critical  systems.  She  essen¬ 
tially  sets  the  rules  for  all  of  Sun  IT’s 
activities,  encompassing  more  than 
$350  million  in  spend  every  year.” 

Leslie  was  the  leader  behind  Sun’s  suc¬ 
cessful  deployment  of  Siebel  case  manage¬ 
ment  and  CRM,  a  global  undertaking  that 
involved  development  and  infrastructure 
improvements  and  greatly  enhanced  global 
business-process  capabilities.  “She  is  a  role 
model  in  many  ways,  but  especially  in  her 
integrity  and  courage  to  do  what’s  right 
for  the  company,”  says  Vass. 


What  Do  You  Think? 


Send  your  thoughts  and  feedback  to 
letters@cio.com.  Letters  may  be  edited  for 
length  or  clarity.  For  a  link  to  the  articles 
mentioned,  go  to  www.cio.com/090105 

cio.com 


18 


SEPTEMBER  1,  2005  |  www.cio.com 


&3M 


PATIENTS  NOTE 


MAKING  YOUR  FILES 
ELECTRONIC  MAKES  THEM  EASY 
TO  ACCESS  (BY  ANYONE) 


Even  if  everyone  knew  about  the  problem,  would  anyone  know  the  solution? 


As  every  aspect  of  business  migrates  to  the  Web, 
sensitive  information  once  sheltered  is  now 
exposed.  Because  browser-based  applications  pass 
through  the  entire  security  perimeter. 

If  that  doesn't  wrinkle  your  brow,  in  a  recent 
study  70  percent  of  companies  reported  security 
intrusions,  with  an  average  of  136  annually. 

The  only  real  answer  is  a  solution  that  knows 
exactly  what  your  application's  traffic  should  look 
like,  and  blocks  everything  else.  A  comprehensive 


solution  that  gives  you  complete  control  over  who 
gets  access  from  where  and  when,  that  can  actually 
identify  and  filter  application-level  cyber  attacks. 

It's  application  traffic  management  taken  to  the 
next  level.  Something  that  could  only  have  come  from 
a  deep  understanding  of  both  the  network  and  the 
application.  Which  is  why  only  F5  can  offer  it.  For 
details  on  this  revolutionary  architecture,  including 
our  Traff icShield™  Application  Firewall  and  FirePass® 
SSL  VPN,  visit  www.f5.com/ciodoc  or  call  866-543-9369. 


Your  potential.  Our  passion ." 

Microsoft 


'  Wmi&mk  k 


1  r,"' 


i 

• «  w 


©  2005  Microsoft  Corporation.  All  lights  reserve$|^|HRSff»|ij£harePoint,  the  Windows  lo 
oi  trademarks  of  Microsoft  Corporation  in  the  United  States  and/of  other  countries.  The  names 


/er  System,  and  'Your  potential.  Our  passion."  are  either  registered  trademarks 
ucts  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 


NAME 


Mr.  50,000  Global 
Remote  and  Mobile 
Users  Connected 
Without  a  VPN. 


NISSAN 


«8fe  $§83$  ,.v  ,  ,  i  ? 


"At  Nissan,  we  expect  to  save  at  least  $135  million  annually 
thanks  to  the  efficiencies  that  Windows  Server  2003  and 
Exchange  Server  2003  are  helping  us  achieve." 

Toshihiko  Suda 

Senior  Manager,  Nissan  Motor  Company,  Ltd. 


Make  a  name  for  yourself  with  Windows  Server  System. 

An  upgrade  to  Microsoft  Windows  Server  System 
made  it  possible  for  50,000  worldwide  employees 
at  Nissan  Motor  Company  to  have  more  secure 
remote  access  to  their  e-mail  and  calendars 
from  any  Internet  connection,  without  the  hassle 
and  expense  of  a  VPN.  Here's  how:  By  deploying 
Windows  Server  2003  and  Exchange  2003,  not  only 
did  Nissan  IT  meet  the  CEO's  demand  for  better  global 
collaboration,  they  expect  to  save  at  least  $135  million 
by  streamlining  their  messaging  infrastructure. 
To  get  the  full  Nissan  story  or  find  a  Microsoft 
Certified  Partner,  go  to  microsoft.com/wssystem 


Windows 
Server  System 


Windows  Server  System™  includes: 


Server  Platform  Windows  Server™ 


Virtualization 

Virtual  Server 

Data  Management  &  Analysis 

SQL  Server™ 

Communications 

Exchange  Server 

Portals  &  Collaboration 

Office  SharePoint*  Portal  Server 

Integration 

BizTalk*  Server 

Management 

Systems  Management  Server 

Microsoft*  Operations  Manager 

Security 

Internet  Security  &  Acceleration  Server 

Plus  other  software  products 


INCREASING  THE  VALUE  OF 
TECHNOLOGY  INVESTMENTS 


what  will  SAS  software  mean  for  you? 


SAS  software  delivers  one  powerful  business  intelligence 
return  on  intelligence  —  in  less  time.  For  nearly  30  years,  SAS 
to  their  most  pressing  business  questions  and  address  th 
Beyond  BIT  Find  out  why  94%  of  the  FORTUNE  Global  500“  n 
manage  risk  and  optimize  performance. 


and  analytics  platform  for  gaining  greater 
has  been  helping  companies  gain  answers 
air  most  challenging  issues. ..taking  them 
aly  on  SAS  to  increase  profits,  reduce  costs, 


www.sas.com/value 


SAS  Institute  Inc.  product  or  service  names  are  registered  trademarks  or  trademarks  of  SAS  Institute  Inc.  in  the  USA  and  other  countries.  ®  indicates  USA  registration.  Other  brand  and  product  names  are  trademarks  of  their  respective  companies.  .2005  SAS  Institute  Inc.  All  rights  reserved.  323809US.0305 


ILLUSTRATION  BY  GETTY  IMAGES:  PHOTO  COURTESY  OF  KIRK  MARTIN/GEORGIA  POWER 


trendlines 

EDITED  BY  ELANA  VARON  NEW  *  HOT  *  UNEXPECTED 


A  WEB  OF 

SAFETY 

Mobile  mesh  network  connects  cops 


wireless  The  tiny  Califor¬ 
nia  town  of  Ripon  (population 
13,000)  sits  amid  acres  of 
almond  orchards  in  the  San 
Joaquin  Valley,  about  an  hour’s 
drive  from  the  state  capital 
of  Sacramento  and  a  couple 
of  hours  from  Yosemite 
National  Park.  It’s  peaceful, 
growing  rapidly— and  an  early 
test  bed  for  an  advanced,  high- 
tech  mesh  network. 

In  a  mesh,  every  device  can 
be  both  a  receiver  and  a  trans¬ 


mitter,  with  each  new  node 
increasing  the  size,  range  and 
reliability  of  the  network.  Mesh 
gear  tends  to  cost  more  than 
alternatives  such  as  equipment 
based  on  the  more  common 
802.11  wireless  network  stan¬ 
dard,  but  if  you  need  a  network 
that  can  move  with  you  or 
expand  and  contract  quickly  as 
your  needs  warrant  (the  mili¬ 
tary  was  an  early  adopter  of  the 
technology),  mesh  can  be  worth 
the  expense. 


Ripon’s  introduction  to  mesh 
started  with  a  letter  delivered 
in  2003  from  AT&T  to  Police 
Chief  Richard  Bull’s  depart¬ 
ment.  In  the  letter,  the  telecom 
provider  announced  that  it 


was  dropping  support  for  the 
CDPD  (cellular  digital  packet 
data)  standard  in  favor  of  the 
newer,  faster  GPRS  (general 
packet  radio  service)  standard, 
Continued  on  Page  24 


The  House  That  CIOs  Built 


community  service  There 
isn’t  enough  time,  but  there  are  demands 
aplenty.  The  drumbeat  of  corporate  life 
speeds  up,  along  with  the  never-ending  flow 
of  technology  mandates— do  it  faster,  do  it 
cheaper,  do  it  now. 

So  where  is  there  space  for  a  conscience? 
After  all,  many  executives  want  to  do  some 
good  while  they  are  doing  well.  And  some 
companies  insist  that  executives  make  time. 
“When  I  get  my  performance  review,  they 
say,  'What  are  you  doing  to  give  back  to  the 
community?’"  says  Southern  Co.  Senior  Vice 
President  and  CIO  Becky  Blalock. 

Blalock  is  among  a  group  of  Atlanta-area 
CIOs  from  about  15  companies  who  meet 
roughly  every  three  months  for  lunch.  But 
because  they  are  too  busy  to  even  do  lunch, 
they  ensure  these  meetings  are  spiced  with 


some  value.  They  talk  shop  and  swap  ideas, 
often  going  back  to  their  offices  with  a  new 
angle  on  a  nagging  problem,  or  just  a  sense 
that  they  are  not  alone  in  what  they  face. 

Last  fall,  Delta’s  then-CIO  Curtis  Robb  (he 
has  since  retired)  suggested  a  project  for  the 
group  that  was  not  work-related:  Build  a 
home  with  Habitat  for  Humanity.  "All  I  had  to 


IT  VOLUNTEERS  get  ready  to  raise  the  frame 
of  a  house  they  built  for  Habitat  for  Humanity. 


do  was  bring  up  the  idea  and  everybody 
jumped  on  it.” 

Nine  companies  signed  up.  Close  to  300 
people  from  these  companies  worked  on  the 
Smith  Street  home  in  Atlanta  during  seven 
days  in  May.  At  the  end,  there  was  a  house  for 
Tracey  Lacey  and  her  daughter,  Quasha. 

Company  policies  on  volunteering  differ. 
For  some,  the  work  is  paid;  elsewhere,  it  is 
just  time  off.  Either  way,  the  CIOs  had  to  plan 
for  the  absence  of  people  working  on  the 
project— including  themselves. 

Blalock  says  she  shoveled  dirt  for  the 
lawn.  “Then  they  took  me  up  on  the 
porch  and  they  showed  me  how  to  sand." 

Yet  Blalock  and  the  other  CIOs  were 
no  less  busy  in  May  than  they  were  any 
other  time.  Squeezing  in  such  a  project 
may  be  as  simple  as  picking  a  date.  Says 
Robb,  "Unless  you  schedule  time  for  it, 
you’ll  never  get  to  it." 

- Michael  Kaneil 


2  3 


www.cio.com  |  SEPTEMBER  1 


The  Long  and  Congested 
Commute  to  the  Top 

career  According  to  a  survey  by  TheLadders.com,  a  website  that  lists 
six-figure  job  openings,  executives  spend  nearly  twice  as  long  as  the  aver¬ 
age  worker  commuting  to  the  office  in  the  morning.  Nearly  80  percent  of 


all  execs  commute  by  car.  Only  2  percent 


DHS  Revamp  Targets 
Cybersecurity 

government  Cybersecurity  will  get  a  high-level  champion  at  the  U.S. 
Department  of  Homeland  Security  as  part  of  a  broad  reorganization  announced  in 
July  by  DHS  Secretary  Michael  Chertoff. 

Chertoff  announced  a  new  position  of  assistant  secretary  for  cyber  and 
telecommunications  security,  thereby  raising  the  standing  of  the  cybersecurity 
chief  on  DHS’s  organizational  chart.  Some  technology-oriented  trade  groups,  as 
well  as  members  of  Congress,  have  urged  the  creation  of  such  a  position. 

An  assistant  secretary  will  have  the  authority  to  set  policy  and  pull  private 
industry  into  collaborations  with  government,  observes  Information  Technology 
Association  of  America  President  Harris  Miller.  He  says  there  needs  to  be  a 
“sophisticated,  real-time,  highly  trusted”  information-sharing  mechanism 
between  government  and  private  companies.  In  addition,  says  Jack  Danahy,  CEO 
with  IT  security  vendor  Ounce  Labs,  an  assistant  secretary  will  be  able  to  tie 
together  several  cybersecurity  efforts  within  government. 

But  James  Lewis,  director  of  the  Technology  and  Public  Policy  Program  at  the 
Center  for  Strategic  &  International  Studies,  says  that  without  greater  leadership 
from  the  top  levels  of  the  Bush  administration,  a  new  position  may  not  improve 
cybersecurity  much.  Critics  complain  that  cybersecurity  has  not  been  a  high 
enough  priority  for  the  White  House.  (Find  out  more  about  cybersecurity  at  DHS 
at  www.cio.com/090105.)  -Grant  Gross 

24  SEPTEMBER  1,  2005  |  www.cio.com 


Safety  Web  Z _ 

Continued  from  Page  23 

effectively  wiping  out  the  town’s  investment  in 
CDPD  equipment.  Bull  wasn’t  happy  and  told  the 
city  council,  “We  don’t  want  to  be  at  the  mercy  of  a 
cellular  phone  company”  for  the  town’s  critical 
mobile  data  needs. 

Instead,  Bull  suggested,  the  city  ought  to  build 
its  own  network.  After  two  years  of  looking  at 
options,  the  town  chose  a  mesh  network  system 
using  equipment  built  by  Motorola  and  installed 
by  Lockheed  Martin.  Bull  says  that  only  a  few  other 
towns  in  the  United  States  have  begun  experiment¬ 
ing  with  mesh  for  public  safety  systems. 

The  network,  which  the  town  began  deploying  in 
June,  will  consist  of  mesh  devices— network  trans¬ 
ceivers  to  which  laptops,  cameras  and  other  devices 
can  be  attached— that  automatically  connect  to  each 
other  as  they  move  within  range.  Patrol  cars  will 
have  mesh  modems  installed,  allowing  officers  to 
retrieve  maps,  criminal  records  and  other  data, 
even  while  traveling  at  high  speed  to  a  crime  scene. 
They’ll  also  be  able  to  tap  into  mesh-connected 
digital  cameras  that  will  be  installed  in  a  number 
of  public  areas,  including  a  local  sports  complex, 
to  monitor  public  events. 

Local  businesses  are  also  joining  the  mesh  proj¬ 
ect.  Banks  will  be  able  to  link  their  security  cameras 
to  a  system  that  will  provide  police  with  pictures 
when  an  alarm  is  pulled,  allowing  officers  to  see 
what’s  happening  even  as  they’re  on  their  way  to 
investigate.  And  commercial  developers  are  being 
required  to  integrate  mesh  transceivers  into  new 
construction,  thus  helping  guarantee  a  robust  net¬ 
work  throughout  the  town. 

Bull  says  that  by  programming  the  cameras  to 
send  images  only  after  an  alarm  is  triggered,  the 
police  will  be  able  to  assuage  concerns  about  pri¬ 
vacy.  He  adds  that  the  mesh  network’s  proprietary 
wireless  protocol  makes  it  less  likely  to  be  hacked 
than,  say,  something  based  on  802.11.  But  he  says 
the  mesh  backbone  is  the  network’s  only  propri¬ 
etary  piece.  Any  IP-based  device,  from  cameras  to 
PDAs  to  laptop  computers,  can  attach  quickly  to  a 
mesh  transceiver  and  work  over  the  network.  The 
network  will  also  be  available  for  other  Ripon 
municipal  groups. 

The  network  is  expected  to  be  deployed  and  oper¬ 
ating  by  the  beginning  of  September.  Bull  expects 
the  network  will  ultimately  help  Ripon  do  more 
with  less.  “We’re  all  strapped  for  resources,”  he  says. 
“If  you  can’t  hire  more  officers,  give  yourselves  more 
eyes  out  there.”  -Christopher  Lindquist 


TRENDLINES 


NEXT-GENERATION 


STORAGE 


TECHNOLOGY 


Relief  from  Data 

Pillar  Data  Systems  Changes 
the  Rules — in  Your  Favor 


EXECUTIVE  SUMMARY 

For  many  companies,  success  in  the  “information  age”  means  informa¬ 
tion  overload.  Data  storage  requirements  are  exploding- —  whether  it’s 
the  amount  of  data,  the  number  of  users,  or  the  types  of  data  being 
stored.  For  CIO’s,  that  means  data  storage  needs  are  starting  to 
monopolize  IT  budgets  and  resources.  And  as  the  digital  tide  of  emails, 
invoices  and  video  presentations  continues  to  rise  exponentially,  the 
investment  requirements  are  only  going  to  grow.  Pillar  Data  Systems, 
an  innovative  data  storage  company  headed  by  IBM  veteran  Mike 
Workman  and  backed  by  Oracle  CEO  Larry  Ellison,  is  positioning 
itself  to  help  the  corporate  world  tame  the  data  storm  and  save  them¬ 
selves  some  money  at  the  same  time.  The  following  article  shows  how 
companies  such  as  LeapFrog,  Thacher  Proffitt  and  I/PRO  are  using 
Pillar  Data  Systems  to  bring  data  storage  under  control,  under  budget. 


Robert  Moon,  senior  vice  president  and  CIO  at  Emeryville,  Calif.  - 
based  LeapFrog  Enterprises  observes  that  “For  years,  it’s  felt  like  stor¬ 
age  companies  have  been  taking  advantage  of  us.  They’ve  continued 
to  charge  a  lot  for  technology  without  revolutionary  advancements.” 

LeapFrog  is  a  leading  designer,  developer  and  marketer  of  technolo¬ 
gy-based  educational  products.  And,  like  many  companies,  it  is  chal¬ 
lenged  with  dramatic  growth  in  storage  requirements.  The  compa¬ 
ny  is  already  seeing  spikes  in  storage  for  network  files,  e-mail  and 
basic  archival.  And  its  storage  is  expected  to  increase  exponentially 
as  the  company  rebuilds  its  IT  infrastructure  to  encompass  supply 
chain  management  and  customer  resource  management  (CRM). 

LeapFrog  needed  a  way  to  distinguish  between  different  kinds  of 
data,  and  then  prioritize  access  to  that  data.  Working  in  the  fast- 
paced  world  of  retail  —  with  distribution  outlets  the  likes  of 
Wal-Mart  and  Kmart  —  no  excuses  are  acceptable  and  perform¬ 
ance  is  absolutely  critical,  says  Moon. 

Dill 

X  DATA  SYSTEMS 

Custom  Publishing 
Advertising  Supplement 


Storage  Overload 


And,  like  it  or  not,  price  plays  a  role  in  storage  policy.  “I  wanted 
good,  fast  and  inexpensive,”  declares  Moon.  “Pillar  [Data  Systems] 
offers  all  three.” 

Raise  the  Bar  | 

The  storage  market  is  a  moving  target.  “Storage  applications  and  data 
are  becoming  much  more  diverse,”  says  Richard  Villars,  vice  presi¬ 
dent,  storage  systems  at  IDC,  the  global  market  intelligence  and  advi¬ 
sory  firm  based  in  Framingham,  Mass.  Everything  about  the  storage 
environment  seems  to  be  expanding  —  from  the  amount  of  data  and 
the  number  of  users  to  the  number  of  applications  and  the  types  of 
data  stores.  Even  the  data  itself  has  diverse  characteristics,  including 
different  performance  metrics,  different  access  rates  and  different 
storage  requirements,  says  Villars. 

Regulatory  compliance  and  mandatory  retention  periods  are  also 
taking  a  toll,  requiring  CIOs  to  maintain  more  data,  for  longer  peri¬ 
ods  of  time.  And  although  tape  is  a  great  final  resting  place,  while 
it’s  alive,  useful  and  needed  data  should  live  on  a  highly  available, 
low-cost  disk.  “With  our  rising  ‘just-in-case’  compliance  mentality, 
storage  must  be  fiscally  feasible,”  says  LeapFrog’s  Moon. 


NEXT-GENERATION 


G  E 


ADVERT 


TECHNOLOGY 


Pillar  Axiom,™  consolidates  multiple  tiers  of 
storage,  with  optimized  performance  and  cost. 


CIOs  Know  Best 

“New  storage  vendors,  like  Pillar,  have  a  chance  to  funda¬ 
mentally  change  the  industry,”  says  Christopher  Hill,  who 
runs  IS  at  Thacher  Proffitt. 

As  a  prestigious  NYC  law  firm,  Thacher  Proffitt  has  intense 
storage  requirements.  Topping  its  list  of  concerns:  afford¬ 
able,  manageable,  high-quality  disk  space  that  allows  Hill 
to  meet  the  stringent  security  demands  of  his  clients. 
Thacher  Proffitt  must  address  increasingly  explicit  data 
retention  and  protection  specifications  driven  by  client 
requests  and  recent  legal  precedents.  Hill  needed  a  vendor 
that  could  address  his  needs,  in  a  way  that  incumbent 
providers  simply  can’t. 


All  the  while,  typical  acquisition  costs  and  reoccurring 
software  fees  for  storage  systems  can  be  likened  to  an  ERP 
investment.  And  storage  system  maintenance  and  man¬ 
agement  costs  are  spiraling  out  of  control,  usually  exceed¬ 
ing  the  acquisition  costs.  Despite  the  increased  pressure 
on  IT,  staff  is  typically  fixed.  “An  increase  in  storage  of  200 
percent  doesn’t  mean  IT  will  get  two  more  staff  members 
to  run  it,”  Villars  says.  As  a  result,  many  CIOs  must  rely  on 

What’s  Your  Storage  ROI? 

eady  to  take  the  leap  into  next-generation  storage? 
Don’t  do  it  on  blind  faith.  Instead,  make  your  deci¬ 
sion  based  on  hard  numbers  that  help  you  build  — 
and  sell  —  a  solid  business  case  for  data  storage. 

For  a  consultation  and  free  ROI  analysis,  contact  Pillar  Data 

Systems  at  1-877-252-3706  or  www.pillardata.com/cio. 


pricey  consultants  —  or  expect  slower  response  times  from 
over-tasked  staff. 

To  make  matters  worse,  traditional  storage  solutions  just 
aren’t  pulling  their  weight.  These  systems  tend  to  be  mono¬ 
lithic,  Villars  says.  They’re  hard  to  tune  to  fit  different  data 
requirements,  resulting  in  “blobs  of  storage,”  resulting  in 
storage  environments  that  are  complex,  hard  to  manage 
and  not  necessarily  scalable. 

Yet,  CIOs  still  feel  locked  into  current  vendors.  It’s  time  to 
raise  the  bar. 


It’s  obvious  that  Hill  —  and  others  like  him  —  under¬ 
stands  today’s  storage  challenges.  So  when  Mike 
Workman,  president  and  CEO  of  Pillar  Data  Systems, 
decided  that  a  new  approach  to  storage  was  in  order,  he 
went  directly  to  the  people  who  know  storage  best.  Before 
writing  a  single  line  of  code,  his  team  of  storage  veterans 
spent  months  interviewing  industry  powerhouses  —  the 
people  in  the  trenches,  who  live  and  breath  storage  every 
day.  Christopher  Hill  is  one  of  those  thought  leaders, 
echoing  what  the  rest  of  the  industry  had  to  say. 

Here’s  what  were  identified  as  the  top  market  priorities: 

Choice  and  Flexibility:  CIOs  often  find  themselves 
compromising  business  requirements  to  fit  their 
technology  selection.  “They’ve  had  to  choose 
between  the  performance  of  SAN  and  the  cost-effective¬ 
ness  of  NAS,”  says  Workman.  “The  market  is  entitled  to  the 
flexibility  to  go  both  ways  —  without  breaking  the  bank  or 
drowning  the  IT  staff.”  And  adding  a  NAS  gateway  onto  a 
SAN  configuration  or  building  a  software  layer  into  NAS 
that  imitates  a  SAN  system  just  isn’t  going  to  cut  it  any¬ 
more,  explains  Workman. 

Tiered  Storage  in  One  Integrated  System:  Perhaps 
worse  than  committing  to  a  single  technology, 
CIOs  have  resorted  to  buying  “purpose-built”  sys¬ 
tems  for  every  new  application,  resulting  in  a  barrage  of 
smoke-stack  storage  systems.  This  is  becoming  increasing¬ 
ly  unrealistic  to  credibly  maintain.  “Storage  is  hard  to  man¬ 
age,”  says  Hill.  He  has  15  people  in  IT  and  can’t  afford  to 


2 


TISING  SUPPLEMENT 

NEXT-GENERATION 


TECHNOLOGY 


staff  someone  for  each  data  store.  So  Hill  must  be  able  to 
manage  all  three  of  his  storage  applications  —  documents, 
e-mail  and  SQL  —  from  a  centralized  system. 

Automatic  Prioritization:  When  it  comes  to  data 
storage,  prioritization  is  key.  The  age-old  “first 
come,  first  serve”  simply  isn’t  good  enough.  And 
manually  tuning  the  system  for  allocation  of  data  between 
high-  and-low  performance  drives  is  much  too  complex  and 
time-consuming.  Hill  says  virtualization  and  dynamic  disc 
allocation  is  the  answer.  Automatically  storing  more  impor¬ 
tant  data  on  the  outer  edge  of  the  disk  for  faster  access  can 
make  or  break  any  business.  Such  intelligent  data  placement 
and  prioritized  queues  ensure  the  highest  quality  of  service 
so  data  is  always  where  it  should  be,  when  it  should  be. 

Performance:  Storage  is  all  about  performance. 
CIOs  want  data  when  they  want  it,  not  when  the 
system  can  give  it  to  them.  They  can’t  be  worrying 
about  whether  their  drives  can  handle  a  new  application. 
Or  trying  to  predict  how  adding  new  workloads  will  affect 
system  performance.  They  just  need  to  access  data  at  the 
pace  that  they  run  their  business.  “On  the  last  few  days  of 
the  month,  trucks  line  up  at  the  shipping  dock,”  Moon 
explains.  “We  need  to  process  orders  quickly  and  get  them 
on  their  way.  There  is  no  room  for  performance  lags.”  That 
would  cost  big  bucks,  adds  Moon. 


Axiom 
Slammer 
SAN 
Controller 


Multiple 
Axiom  Brick 
Storage 
Enclosures 


With  Pillar  Axiom™,  deploy  SAN,  NAS,  or  both. 


5  Enterprise-Class,  Not  Enterprise-Cost:  “Our 
greatest  challenge  has  been  that  we  needed  a 
high-quality  disc  [to  address  growing  needs], 
but  it’s  just  too  expensive,”  explains  Hill.  Availability, 
scalability  and  performance  seem  to  come  at  a  premium. 
Both  acquisition  costs  and  maintenance  fees  are  out  of 
control.  To  compound  this  issue,  CIOs  must  bite  the  bul- 


Questions  and  Answers  About  Next-Generation  Storage  Solutions 


An  Interview  with  Christopher  Butler, 
COO  and  CTO,  l/PRO 

Christopher  Butler,  COO  and  CTO  at 
San  Francisco-based  l/PRO,  spoke  can¬ 
didly  about  choosing  a  storage  solution 
for  his  organization: 

Q.  Why  is  data  storage  so  important? 

A.  l/PRO  is  in  the  business  of  digital  media 
analytics,  using  data  warehousing  and 
mining  to  measure  the  effectiveness  of  our 
clients’  web  advertising.  As  with  many 
businesses,  we’re  all  about  the  data,  so 
storage  has  become  a  key  part  of  our 
delivery  model.  It  has  a  huge  impact  on 
our  business. 


Q.  What  is  the  greatest  pitfall  of  traditional 
storage  solutions? 

A.  With  traditional  storage  solutions,  you 
have  to  buy  and  deploy  different  boxes  for 
different  tiers  of  data  storage.  This  makes 
maintenance  a  complete  nightmare.  We 
needed  one  system  to  manage  it  all. 

Q.  What  solution  did  you  choose 
and  why? 

A.  We  had  to  simplify  and  better  manage  our 
data  collection,  storage  and  retrieval.  Pillar 
offered  a  homogenous  environment  so  we 
could  move  data  up  and  down  tiers,  keeping 
data  [on  the  outer  edges  of  the  disk]  for  a 
month  and  then  pushing  it  further  down  on 
the  disk  to  free  up  prime  access  space. 


Q.  How  did  your  company  benefit? 

A.  Pillar  addressed  our  storage  management 
needs  in  regard  to  flexibility  and  perform¬ 
ance.  And,  in  the  first  year,  we  project  a  sav¬ 
ings  of  three  times  the  acquisition  costs  — 
with  dramatic  numbers  coming  from  mainte¬ 
nance  and  headcount. 

Q.  What  are  your  future  plans? 

A.  l/PRO  is  expanding  rapidly  and  our  stor¬ 
age  capacity  must  keep  in  line  with  that 
business  growth.  For  price  and  perform¬ 
ance,  it  behooves  us  to  grow  the  Pillar  plat¬ 
form  and  eventually  migrate  all  of  our  stor¬ 
age  requirements  over  to  the  new  system. 


3 


NEXT-GENERATION 


G  E 


TECHNOLOGY 


“I  wanted  good,  fast  and  inexpensive. 
Pillar  [Data  Systems]  offers  all  three.” 

—  Robert  Moon,  SVP/CIO,  LeapFrog  Enterprises 


let  for  expensive  add-ons,  even  for  what  might  be  con¬ 
sidered  basic  functionality.  And  features  seemingly  bun¬ 
dled  into  the  already  high  acquisition  costs  incur  addi¬ 
tional  fees  that  kick  in  with  increased  capacity.  Today,  the 
market  is  looking  for  quality  and  value,  without  these 
enterprise-class  pricing  models. 

“The  CIOs  that  we  spoke  to  emphasized  three  critical 
requirements:  streamlined  processes,  reduced  complexi¬ 
ty  and  lower  total  cost  of  ownership,”  says  Pillar’s 
Workman.  “We  built  our  company  and  our  products 
around  those  issues.” 

Storage  Reinvented 

Next-generation  storage  technology  is  picture  perfect: 
a  single,  integrated  system  with  improved  manageabil¬ 
ity,  automation,  flexibility...  and  affordability.  Next-gen¬ 
eration  storage  solutions  promise  robust  functionality  at 
lower  costs  (not  to  mention  one-time  software  licensing 
and  reduced  operations  costs).  Gone  are  the  enterprise- 
class  maintenance  fees  and  pricey  consultants. 

But  finding  the  right  partner  is  an  important  step,  and  in 
the  storage  arena,  that  hasn’t  exactly  been  a  no-brainer. 


Top  5  Pain  Points 

Based  on  recent  research,  here  are  the  top  five  complaints 
Pillar  heard  in  regard  to  traditional  storage  systems: 

I’m  paying  through  the  nose  for  high  availability! 

I  can’t  credibly  maintain  such  a  complex  environment 
with  my  own  IT  resources. 

Every  time  I  have  a  new  storage  application,  I  have  to 
buy  and  manage  a  new  purpose-built  system. 

I  can’t  predict  the  performance  impact  of  adding  new 
workloads  to  my  system. 

5  The  base  system  doesn’t  include  the  software  I  need 
to  properly  manage  it;  those  are  expensive  add-ons. 


About  Pillar  Data  Systems 

ounded  in  2001 ,  Pillar  Data 
Systems  develops  enterprise 
network  storage  systems. 

The  company’s  Pillar  Axiom 
solution,  driven  by  its  innovative  pol¬ 
icy-based  management  capabilities, 
integrates  SAN  and  NAS  into  a  centrally  managed  stor¬ 
age  platform.  Pillar  Axiom  systems  consolidate  multiple 
tiers  of  enterprise  networked  storage  into  a  single,  easily 
managed  system  capable  of  scaling  to  hundreds  of  ter¬ 
abytes  of  capacity.  Pillar  Data  Systems  is  privately 
funded  by  Tako  Ventures,  LLC,  the  venture  arm  of  Larry 
Ellison,  providing  access  to  $1 50  million  in  funding.  The 
company  is  led  by  Mike  Workman,  who  spent  20  years 
trail-blazing  the  storage  industry.  He  is  backed  by  a  staff 
of  storage  veterans  from  IBM,  Quantum,  Conner 
Peripherals,  LSI  and  HP. 


|7 

m 

Mike  Workman 


CIOs  are  looking  for  a  partner  they  can  trust;  one  that 
offers  quality  solutions  and  acts  as  a  partner,  not  just  a 
vendor.  They  need  to  know  that  they’ll  have  choices 
from  the  onset  and  into  the  future.  Finally,  they  need  to 
know  that  their  partner  and  its  products  will  grow  with 
their  business. 

“Storage  is  only  going  to  get  more  difficult,  because  in 
five  years  companies  will  need  seven  times  more  stor¬ 
age  capacity  than  today,”  says  Villars.  “So  CIOs  need  to 
keep  their  eyes  on  automation  and  flexibility  in  stor¬ 
age  solutions.” 


For  more  information  please  visit 
us  at  www.pillardata.com/cio 
or  call  877-252-3706. 


GridWorld 

- / - \ - 


Grid  in  Action:  Explore.  Adopt.  Deploy. 

GridWorld™  is  the  premier  B2B  conference 
focused  on  the  commercial  benefits  of  grid  computing 
for  Enterprise  IT  strategists,  worldwide. 


CLASS  KEYNOTES: 


Opening  keynote  by  Gary  Beach,  Group  Publisher,  CIO  Magazine  will  set 
the  context  and  help  frame  this  robust  program 


Gary  Beach 

Group  Publisher 

CIO  Magazine 


Steve  Yatko 

Global  Head  of  IT 
Research  & 
Development 

Credit  Suisse  First 
Boston 


Takehiko  Kato 
President 

Engineous  Japan 


Frank  Falcon 

Grid  Delivery 
Manager 

British  Telecom 


.  fcVpHMS  •  Boston,  Nlassachu**.. 


fp^  Join  us  for  the  only 

educational  conference  to  help  Enterprise  IT 
professionals  build  a  business  case/road  map  for  the  enterprise. 


TWO  POWER  PACKED  DAYS  TACKLING  THE  LATEST  ISSUES  AROUND  GRID  DEPLOYMENT: 


Learn  vicariously  from  a  large  multi-national  bank’s  global  Grid  deployment 

Explore  Software  Licensing  Models  for  Grids 

Understand  the  positive  implications  of  IT  as  a  Service 

Find  out  how  Grid  technology  is  speeding  up  the  early  stages  of  drug  discovery 

Explore  the  reality  and  future  of  Grids  in  the  context  of  related  technologies  like 

virtualization,  automation  and  service  orientation 


CIO  Subscribers 
riority  code:  D0101 


REGISTER  BY 
SEPTEMBER  2,  2005 


Brought  to  you  by: 


IDG 

WORLD  EXPO 


At:  gridworldhome.com  j|; 


po  Corp.  All  rights  reserved.  GridWorld  is  a  trademark  of  International  Data  Group,  Inc.  All  other  trademarks  contained  herein  are  the  property  of  their  respective  owners. 


What’s  Shakm’? 


Digital  earthquake  maps  pinpoint  damage 


disaster  recovery  When  four 
earthquakes  of  magnitudes  ranging  from  4.9 
to  7.2  rattled  the  West  Coast  in  June,  Marcia 
McLaren,  a  seismologist  with  Pacific  Gas  & 
Electric  (PG&E),  was  better  prepared  than  she 
was  a  year  and  a  half  ago,  when  a  6.5  magni¬ 
tude  quake  shook  the  San  Simeon  region. 

In  the  first  disaster,  the  utility’s  sites  and  net¬ 
works  weren’t  damaged,  but  that  took  awhile 
to  determine,  as  McLaren  and  her  team  made 
dozens  of  cal  Is  to  managers  in  the  field. 

After  that  experience,  McLaren  installed 


they  can  use  for  damage  assessment.  Within 
minutes  of  an  earthquake,  ShakeCast  collects 
ground-shaking  data  from  underground  sen¬ 
sors  and  produces  a  ShakeMap,  which  dis¬ 
plays  the  distribution  of  shaking  intensity  in 
the  areas  affected  by  the  quake.  From  there, 
the  ShakeMap  is  sent  to  participating  compa¬ 
nies.  Companies  can  also  sign  up  to  receive 
damage  estimates.  (For  more  about  Shake- 
Cast,  visit  www.earthquake.usgs.gov .) 

Now,  when  an  earthquake  with  a  magni¬ 
tude  of  at  least  3.5  hits  anywhere  in  PG&E’s 


ShakeMap  that  shows  where  different  magni¬ 
tudes  of  shaking  occurred.  An  internal  PG&E 
application  overlays  a  map  of  the  utility’s  facil¬ 
ities,  telling  McLaren  which  ones  may  have 
been  affected.  With  this  information,  she  can 
prioritize  which  managers  to  contact  and  what 
procedures  must  be  followed. 

The  June  earthquakes  occurred  too  far 
away  from  PG&E's  service  area  to  cause  any 
damage  to  company  facilities.  Meanwhile, 
McLaren  has  demonstrated  ShakeCast  to 
company  executives,  showing  them  how  they 


ShakeCast,  a  service  launched  last  year  by  the  service  area  (which  occurs  almost  monthly), 


can  use  the  service  to  make  disaster  recovery 


Prepare  for  more  call  volume. 


Oklahoma  distribution 


U.S.  Geological  Survey  (USGS),  which 
provides  companies  with  real- 


McLaren  receives  a  pager  message  and  an 
e-mail  from  USGS  giving  her  details  about 


time  earthquake  data  that  the  quake.  She  then  retrieves  her  color-coded 


How  ShakeCast  Works 


decisions  more  quickly  and  corral  the  costs  of 
future  earthquake  damage. 

-Allan  Holmes 


A  company  uses  the  ShakeCast  system  to  react  to  an  earthquake 


Get  the  Message 

In  Chicago,  XYZ  Co.'s  disaster  recovery  manager  gets  an  alert  from  the  USGS 
ShakeCast  service  on  her  beeper  warning  of  a  magnitude  6.0  earthquake 
south  of  San  Francisco.  The  company  has  three  facilities  and  two  vendors  in 
the  area. 

••  m 


Check  the  Map 

The  manager  retrieves  a  ShakeMap  and  then  uses  a  corporate  application  to 
merge  the  ShakeMap  with  a  map  from  the  company’s  facilities  management 
system.  Colors  indicate  the  severity  of  shaking  near  XYZ  Co.  and  vendor  sites. 


Request  Damage  Reports 

E-mail  and  pager  messages  are  sent  automatically  to  facility  managers  and 
suppliers  requesting  damage  reports.  The  disaster  recovery  team  assesses 
reported  damageandoptionsformaintainingthe  supply  chain. 


3W 


WEAK  STRONG 


TO:  Minneapolis  call  center 

RE: 


Launch 

Disaster 

Recovery 

Plan 

E-mail  notifications 
are  sent  accordingto 
preprogrammed 
business  rules. 


New  York  data  center 
Clara  data  cen¬ 
ter  likely  damaged. 
Prepare  for  more 
volume. 


TO:  San  Jose 
RE:  Roads  to  Belmont 
closed.  Wait  for  ship¬ 
ping  instructions. 


TO: 

RE:  _ _ 

warehouse  mildly  damaged. 
Conference  call  in  four  hours. 


TO:  Vacationing  CEO 
RE:  Quake  hit  three  of  five 
San  Francisco  sites. 
Recovery  protocols  in 
play.  Updates  to  come. 


SEPTEMBER#!,  2005  |  wwv  cio.com 


H 

» 

n 

2 

D 

r 

M 

2 

n 

tn 


UJ 

CO 

UJ 

O 

O 

$ 


UJ 

I 


< 

>- 

CD 

u 

X 


o 

o 


©2005  SAP  AG.  SAP  and  the  SAP  logo  are  trademarks  and  registered  trademarks  erf  SAP  AG  in  Germany  and  several  other  countries 


THE  DAY  PEOPLE  TRUST  A  PAINT  SALESMAN 
TO  GET  THEM  A  FAT  TAX  REFUND  IS  THE  DAY 
WE’LL  MAKE  ONE  KIND  OF  SOFTWARE  SOLUTION. 


No  two  companies  serve  their  customers  the  same  way.  After  all,  running  an  accounting  firm  is  not  the  same  as 
running  a  home  improvement  store.  That’s  why  SAP  makes  solutions  specifically  geared  to  the  nuances  of 
your  business.  And  because  our  solutions  are  scalable  and  flexible,  you’re  never  out  of  step  with  a  changing 
market.  At  SAP,  we  know  business  fundamentals  and  we  know  what  makes  each  business  fundamentally 
different.  Visit  sap.com/unique  or  call  800  880  1727  to  see  how  we  can  help  your  business. 


» 

n 

Z 

D 

r 

*4 

z 

n 

in 


Watch  for  Pitfalls 
When  Applying  IT 
Infrastructure  Library 


I  .T. 

MANAGEMENT 

The  IT  Infrastructure 
Library  (ITIL)-a 
collection  of  best 
practices  for  IT  oper¬ 
ations— is  gaining 
notice  among  CIOs 
because  the  guide¬ 
lines  it  offers  can  improve  their  IT  depart¬ 
ment’s  quality  of  service,  including  increased 
system  uptime,  faster  problem  resolution 
and  better  security.  (To  learn  how  some  CIOs 
are  succeeding  with  ITIL,  see  “ITIL  Power,” 
Page  46.) 

But  using  ITIL  isn’t  easy,  because  it 
demands  major  changes  in  how  IT  organiza¬ 
tions  are  run.  Consultant  Malcolm  Fry  offers 
some  reasons  why  ITIL  projects  fail: 

!►  Lack  of  management  commitment  ITIL  takes 
time  and  a  lot  of  process  change.  Employees 
won’t  commit  to  either  without  top-level  sup¬ 
port  from  both  IT  and  the  business. 

^  Complexity  IT  staff  will  get  overwhelmed  if 
you  break  each  ITIL  process  into  40  or  50 
steps.  Ideally,  limit  the  number  of  steps  to 
five  or  six. 

Poor  work  instructions  ITIL  gives  you  guid¬ 
ance,  but  it  doesn’t  tell  you  how  to  actually 
do  anything.  You  need  to  spend  time  figuring 
out  how  ITIL's  best  practices  apply  to  your 
organization. 

fH^-  Misdirected  metrics  You  need  to  measure 
quality,  not  just  performance.  For  instance, 
often  the  top  metric  for  service  desks  is  num¬ 
ber  of  incidents  resolved  in  the  first  call.  Cus¬ 
tomers,  however,  will  define  success  as  not 
having  to  make  the  call  in  the  first  place. 

!►  Diminished  momentum  ITIL  can  be  a  five- 
year  project,  and  long  projects  are  hard  to  keep 
going.  You  need  to  develop  achievable  goals 
that  keep  this  in  mind.  -BenWorthen 


2  8 


CRM  Gains  Ground 
as  Management  Tool 

management  repoht  Customer  relationship  management  (CRM)  is  gain¬ 
ing  importance  as  a  management  tool  among  executives  globally,  according  to  a  recent 
study  by  Bain  &  Co.  Survey  respondents  ranked  CRM  second  to  strategic  planning 
among  25  of  the  most  popular  management  tools  and  techniques. 

CRM  was  used  by  75  percent  of  the  960  executives  responding  to  the  latest  Bain 

"Management  Tools  &  Trends"  survey,  a  massive  study  tracking  the  usage  of  various 

management  techniques  over  the  past  dozen  years.  That’s  a  sharp  increase  from  the 

35  percent  usage  reported  in  2000-the  first  time  Bain  asked  about  CRM.  The  popular- 

_ 

ity  of  CRM  reflects  two  trends,  according  to  Bain:  an  increased  focus  on  customers  and 

better  knowledge  of  how  to  do  CRM  right.  Because  CRM  requires  sophisticated  soft¬ 
ware  and  massive  amounts  of  data,  companies  take  some  time  to  learn  how  to  succeed 
with  the  practice. 

The  2005  edition  includes  global  executives  from  a  range  of  company  sizes  and 
industries.  They  rated  their  experience  with  25  of  the  most  popular  (according  to  Bain) 
management  tools  and  techniques,  including  both  enterprise-spanning  processes  such 
as  strategic  planning  and  highly  specific  tools  such  as  RFID  tags.  The  executives  also 
answered  questions  regarding  their  views  of  current  management  trends. 

Strategic  planning  is  the  most  widely  used  management  tool,  used  by  79  percent  of 
companies  responding  to  the  survey.  That  was  also  the  top  tool  in  the  previous  survey, 
conducted  in  2002.  But  CRM  displaced  benchmarking  as  the  number-two  tool  in  the 
2005  study.  Other  popular  IT-intensive  tools  include  supply-chain  management,  knowl¬ 
edge  management,  scenario  and  contingency  planning,  and  Total  Quality  Management- 
all  of  which  are  used  by  more  than 
half  of  the  companies  in  the  survey. 

Using  a  management  tool  does 
not  equate  to  satisfaction  with  it, 
however  (see  chart).  For  instance, 
more  companies  this  year  reported 
using  knowledge  management  than 
in  2002,  but  KM  ranked  among  the 
lowest  when  it  came  to  executives’ 
satisfaction  with  it.  Satisfaction 
with  many  other  tools  that  have  a 
large  IT  component  increased 
sharply,  however. 

The  2005  “Management  Tools  & 

Trends”  survey  went  on  to  ask  executives  about  their  general  views  of  IT.  Nine  out  of  10 
executives  agreed  that  “information  technology  can  create  significant  competitive 
advantages,”  with  only  3  percent  disagreeing.  These  findings  were  consistent  among 

UJ 

O 
< 

>- 

with  22  percent  disagreeing.  While  that  leaves  a  lot  of  room  for  improvement,  Bain  con¬ 
cludes  that  IT  has  come  of  age — finally. 

O 

-Edward  Prewitt  £ 


companies,  regardless  of  size  or  region.  Six  out  of  10  executives  agreed  that  “our 
spending  on  information  technology  is  completely  aligned  to  our  business  strategy,” 


tools  that 
executives  use  the 
most  and  what  they 
think  of  them 


Strategic  planning 


CRM 


Benchmarking 


Outsourcing 


Customer 

segmentation 


SOURCE:  BAIN  &  CO. 


SEPTEMBER  1,  2005  |  www.cio.com 


Location,  Location,  Location 


Its  fundamental  to  your  business.  Are  you  leveraging  your  location  data? 

Customer  addresses,  time  zones,  office  facilities,  service  areas,  political  boundaries,  critical  shipments, 
utility  networks,  field-workers,  real  estate,  mobile  assets,  and  warehouses — location  is  mission  critical 
in  every  organization. 

By  leveraging  the  location  information  that  is  inherent  in  your  information  systems,  you  can  manage 
your  organization  more  efficiently  and  cost-effectively,  helping  you  gain  a  competitive  advantage. 

ESRI  technology  is  a  standards-based,  scalable,  and  interoperable  platform  that  can  exploit  location 
data  in  your  business  processes.  With  ESRI  geographic  information  system  (GIS)  technology,  you  can 
make  location  information  and  analysis  available  to  the  people  in  your  organization — at  all  levels — 
who  need  it  most. 


Request  a  copy  of  the  IDC  white  paper  ESRI:  Extending  GIS  to  Enterprise  Applications 
at  www.esri.com/idc_paper  or  call  1  -888-373-1 1 92. 

You  have  all  the  location  information;  put  it  to  work  for  you. 


ESRI 


Copyright  O  2005  ESRI  All  rights  reserved  The  ESRI  globe  logo.  ESRI,  ArcMap.  www.esn.com.  and  Ardnfo  are  trademarks,  registered  trademarks,  or  service  marks  of  ESRI  m  the  United  States,  the  European  Community,  or  certain  other 


ions 


WARNING! 

COMPETITION  APPROACHING 


RISK  MANAGEMENT  The 

roll  call  of  companies  that  failed 
to  see  the  threat  of  competition  in 
their  rear-view  mirror  is  long 
and  illustrative.  GM  and  Japan. 

Circuit  City  and  Best  Buy.  Sears 
and  Wal-Mart.  Who’s  to  blame? 

The  CEO,  says  Ben  Gilad,  a  con¬ 
sultant  and  former  associate  pro¬ 
fessor  of  strategy  at  Rutgers 
Business  School. 

CEOs  have  trouble  seeing  and 
reacting  to  new  competition 
because  they  don’t  talk  or  listen  to  the  right 
people,  Gilad  says.  Once  a  year  they  might 
attend  a  conference  where  they  play  golf 
and  talk  to  their  peers.  “So  they’re  taken  by 
surprise  when  some  new  company  comes 


and  steals  their  customers,”  he  says. 

However,  executives  can  create  an  early- 
warning  system  for  identifying  and  priori¬ 
tizing  strategic  risks  and  then  take  action  to 
counter  them.  For  example,  Gilad  says,  a 


pharmaceutical  company  such  as  Pfizer  that 
relies  on  a  few  megabrands  should  keep  a 
close  eye  on  the  science  of  genomics,  which 
could  give  rise  to  medications  that  are  tai¬ 
lored  to  a  certain  segment  of  the  population. 
Pfizer  needs  to  identify  how  fast  genomics 
will  become  a  commercial  possibility.  » 

tl 

Companies  can  do  this  by  collecting  2 
information  about  signs  of  change  from  r 

M 

inside  (rumors  and  ideas  from  employees)  z 

w 

and  outside  (academia  and  experts),  and  w 
use  software  to  organize  and  tap  into  it. 

Gilad  cites  one  package,  from  Coemergence, 
that  helps  companies  build  early-warning 
information  into  a  database.  When  the  data 
reaches  a  certain  threshold,  the  system 
sends  an  alert  to  the  appropriate  manager. 

That  doesn’t  guarantee  companies  will 
act  on  the  information,  but  ignoring  it  car¬ 
ries  a  price.  If  Pfizer  realizes  genomics  is 
about  to  make  a  breakthrough,  it  can  create 
more  tailored  drugs.  “If  it  doesn’t,  Pfizer’s 
performance  will  decline,”  Gilad  observes. 

Just  like  GM’s  has.  -Alison  Bass 


MARV 

ADAMS 


ROGERS. 

HULL 


IT  Drives  Corporate 
Strategy  at  Ford 


on  the  move  Ford  Motor 
Senior  Vice  President  and  CIO 
Marv  Adams  has  been  named 
the  automaker's  chief  strategist. 

As  such,  Adams  reports  to  Ford’s 
chairman  and  CEO,  William  Clay 
Ford  Jr.  But  when  it  comes  to 
IT  matters,  Adams  continues  to 
report  to  Ford’s  president  and  COO. 

Mark  Bunger,  an  analyst  with 
Forrester  Research  who  covers  the 
automotive  industry,  says  Ford’s 
choice  of  Adams  as  its  top  strate¬ 
gist  reflects  IT’s  importance  to  the 
company."  Every  core  function  at  an 
automaker  today  is  strongly 
affected  by  its  IT  capabilities. 

[As  CIO]  Marv  sees  all  of  that  stuff 
pretty  close  up  so  he  probably 
knows  the  business  as  well  as  any¬ 
body,”  he  says. 


Insurers  Tap 
Premium  IT  Execs 
Vic  Lumby,  the  CIO  of  Old  Mutual 
South  Africa,  moved  into  the  COO 
post  at  Old  Mutual's  American  life 
insurance  group,  Old  Mutual  Finan¬ 
cial  Network.  Lumby  will  continue  to 
coordinate  global  IT  across  all  of  Old 
Mutual  in  his  new  role. 

Aetna  claimed  Margaret 
McCarthy  as  its  new  senior  vice  pres¬ 
ident  and  CIO.  She  was  most  recently 
vice  president  of  Aetna's  Business 
Solutions  Delivery  group.  She 
replaces  Wei-Tih  Cheng,  who  retired 
in  June. 

Terry  Walker  secured  the  senior 
vice  president  and  CIO  post  at  Hart¬ 
ford  Life.  Fie  reports  to  Hartford  Life’s 
CFO.  His  agenda  includes  consoli¬ 
dating  the  company’s  IT  infrastruc¬ 


ture  and  deploying  risk-management 
technology. 

Prudential  Financial  invested  in 
the  IT  expertise  of  Emily  Susskind, 
who  will  serve  as  CIO  of  its  interna¬ 
tional  division.  She  works  with  the 
Newark,  N.J. -based  company's 
international  businesses,  developing 
systems  that  support  new  product 
and  distribution  channels. 

Another  Promotion 

First  American’s  CIO,  Roger  S.  Hull, 
was  made  an  executive  vice  presi¬ 
dent  of  the  data  provider.  Hull’s  pro¬ 
motion  recognizes  his  role  in 
developing  and  integrating  the  com¬ 
pany’s  business  and  IT  strategies. 

-Meridith  Levinson 


On  the  Web 


Read  Meridith  Levinson's  MOVERS 
AND  SHAKERS  blog  for  the  latest 
moves.  Find  it  at  www.cio.com/blogs. 

cio.com 


3  0 


SEPTEMBER  1,  2005  |  www.cio.com 


PHOTO  TOP  BY  GETTY  IMAGES 


OUR  MISSION:  CLEANSING  THE  WORLD  OF  LEASE  SURPRISES.  We  won't  stop  until  your  equipment  lease  is  completely 
free  of  those  insidious  asterisks.  From  the  beginning,  we  have  you  talking  to  someone  authorized  to  make  a  dea1 
No  sales  guys  changing  the  terms  after  they've  talked  to  their  "people."  No  last-minute  caveats  when  you're  ready 
to  sign  the  papers.  We  call  it  a  transparent  process.  And  we  imagine  that's  how  you,  like  so  many  other  well-knov 
companies,  would  prefer  to  work.  Call  Ed  Dahlka,  President,  at  888-760-8900.  No  Surprises. 


LaSalle  Bank 

ABN  AMRO 


LaSalle  Bank  N.A.,  Member  FDIC  ©2005 


LaSalle  National  Leasing  Corpor  a 


OMEDAYTHE 


PROMISE  OF  BI 
WILL  BE  MET. 

WELCOME  TO 
SOMEDAY. 


Business  Intelligence  made  a  promise:  to  make  it  simple  for  everyone  to  use  information  to  make 
better  decisions.  But,  given  your  complex  IT  infrastructure,  the  reality  of  getting  a  single  BI  standard 
in  place  across  the  company  has  been  anything  but  simple.  Until  now. 

Introducing  Cognos  8  Business  Intelligence,  the  one  solution  built  to  break  down  the  barriers  limiting 
BI’s  potential.  With  a  complete  Web  Services-based  SO  A.  A  simple  browser-based  interface.  A  full  range 
of  BI  capabilities  —  reporting,  analysis,  scorecarding,  dashboarding  and  more  —  all  in  a  single  product 
and  on  a  single  architecture.  And  the  BI  foundation  for  companies  demanding  a  simpler  path  to  a  complete 
performance  management  system. 

It’s  everything  BI  promised  to  be.  And  now,  it’s  here. 

Learn  more  today  at  cognos.com/simple 

COGNOS  8  BUSINESS  INTELLIGENCE. 


Copyright  ©  2005  Cognos  Incorporated.  All  rights  reserved. 


..WBw 

tr!  ■  'v  >'  .vy 


LAUNCHING  SEPTEMBER  14 

New  York 

Chicago 

London 

Munich 

Paris 

Amsterdam 

Toronto 

Stockholm 

San  Francisco 

Buenos  Aires 

GLOBAL  TOUR 

Atlanta 

Hamburg 

Boston 

Helsinki 

Calgary 

Lausanne 

Charlotte 

Leipzig 

Chicago 

London 

Cincinnati 

Lyon 

Cleveland 

Madrid 

Dallas 

Maloe 

Denver 

Manchester 

Detroit 

Marseille 

Washington  D.C. 

Milan 

Edmonton 

Moscow 

Fort  Lauderdale 

Munich 

Halifax 

Nantes 

Hartford 

Oslo 

Houston 

Paris 

Indianapolis 

Prague 

Iselin 

Rome 

Los  Angeles 

Stavanger 

Milwaukee 

Stockholm 

Minneapolis 

Stuttgart 

Montreal 

Utrecht 

Nashville 

Vienna 

Ottawa 

Warsaw 

Philadelphia 

Wurzburg 

Phoenix 

Pittsburgh 

Zurich 

Portland 

Adelaide 

Quebec  City 

Auckland 

Richmond 

Brisbane 

Rochester 

Canberra 

San  Antonio 

Melbourne 

Seattle 

Perth 

St.  Louis 

Singapore 

Tampa 

Sydney 

Toronto 

Tokyo 

Vancouver 

Victoria 

Wellington 

Winnipeg 

Bogota 

Brasilia 

Amsterdam 

Caracas 

Barcelona 

Guadalajara 

Basel 

Mexico  City 

Bern 

Monterry 

Brussels 

Panama  City 

Copenhagen 

Porto  Alegre 

Dusseldorf 

Rio  de  Janeiro 

Frankfurt 

Sao  Paulo 

Geneva 

Gothenburg 

Santiago 

M 


THE  NEXT  LEVEL  OF  PERFORMANCE™ 


John  Hagel  &  John  Seely  Brown  keynote 


The  Joy  of  Flex 

A  loosely  coupled  approach  to  business  processes  and  IT  makes  it  much  more  possible 
for  companies  to  innovate,  both  within  and  across  enterprises 


Most  of  you  are  probably  familiar  with  the  con¬ 
cept  of  loose  coupling  since  it  is  a  key  design 
philosophy  underlying  new  generations  of 
technology  platforms.  Loose  coupling,  for 
example,  is  necessary  to  deliver  the  flexibility  promised  by 
service-oriented  architectures  (SOAs).  But  the  concept  of  loose 
coupling  also  holds  tremendous  promise  in  transforming 
how  executives  organize  business  processes,  especially  as 
they  extend  across  global  business  enterprises.  Many  busi¬ 
nesses  today  are  organized  along  a  very  different  model  using 
tightly  specified,  hardwired  management  approaches.  While 
this  strategy  has  been  responsible  for  delivering  a  great  deal 
of  operating  savings  to  many  companies,  it  makes  improvi¬ 
sation  difficult  because  changes  in  one  area  will  cause  unan¬ 
ticipated  disruptions  in  others.  As  a  result,  such  flexibility  in 
business  practices  is  often  discouraged. 

Enterprises  today  are  hardwired  at  two  levels:  IT  platforms 
generally  remain  hardwired,  and  the  business  processes  we 
manage  on  top  of  these  IT  platforms  are  also  hardwired.  Com¬ 
panies  now  have  an  opportunity  to  introduce  loose  coupling  at 
both  levels.  The  innovation  of  loose  coupling  will  not  only  change 
how  companies  operate  within  the  enterprise.  A  loosely  cou¬ 
pled  approach  transforms  how  they  collaborate  and  innovate 
across  enterprises  by  enabling  the  formation  of  global  process 
networks  that  can  mobilize  large  numbers  of  highly  specialized 
business  partners  to  deliver  more  value  to  customers. 

For  example,  Cisco  has  created  a  global  process  network  con¬ 
sisting  of  thousands  of  channel  partners  who  provide  every¬ 
thing  from  basic  fulfillment  operations  to  highly  specialized 
consulting  or  engineering  services  to  adapt  Cisco’s  networking 


34 


SEPTEMBER  1,  2005  |  www.cio.com 


ILLUSTRATION  BY  ANDERS  WENNGREN 


products  to  the  unique  environments  of  its  customers.  The 
partners  in  this  network  are  loosely  coupled  and  orchestrated 
by  Cisco.  This  process  network  works  because  Cisco  has  devel¬ 
oped  standardized  ways  of  specifying  capabilities  and  per¬ 
formance  requirements,  and  it  familiarizes  all  the  partners 
when  they  join  the  process  network  with  its  standardized 
vocabulary.  This  approach  to  defining  standardized  “inter¬ 
faces”  for  each  module  of  activity  makes  it  possible  for  Cisco  to 
quickly  assemble  the  right  modules  and  ensure  that  the  best 
qualified  partner  is  assigned  to  each  module.  This  is  an  exam¬ 
ple  of  loose  coupling  at  the  business  process  level. 

CIOs  are  especially  well  positioned  to  help  the  rest  of  the  sen¬ 
ior  management  team  make  the  transition  toward  loosely  cou¬ 
pled  business  processes.  They  understand  both  the  technology 
and  design  principles  needed  to  support  such  processes,  both 
within  and  across  enterprises. 

The  Advantage  of  Interchangeable  Apps 

Loose  coupling  begins  with  the  notion  of  modularity,  grouping 
activities  into  separate  modules  where  the  outputs  can  be 
clearly  specified  and  where  the  activities  in  each  module  can  be 
performed  relatively  independently  without  relying  on  activ¬ 
ities  in  other  parts  of  the  application.  For  example,  at  the  IT 


CIOs  are  naturally  positioned 
to  play  a  major  role  in  helping 
companies  deploy  loosely 
coupled  technology. 

level,  it  makes  sense  to  create  a  separate  module  for  currency 
conversion  in  an  order  entry  application  so  that  introductions 
of  new  currencies  can  be  handled  independently  without  affect¬ 
ing  the  rest  of  the  order  entry  procedures.  The  currency  con¬ 
version  module  should  be  designed  from  the  outset  as  a  service 
that  can  be  used  by  a  broad  range  of  applications— not  only 
order  entry  but  also  procurement,  expense  report  processing, 
financing  and  any  other  application— in  a  wide  range  of  com¬ 
puting  environments  distributed  around  the  world. 

But  modularity  is  not  enough.  Loose  coupling  also  seeks  to 
create  standardized  ways  of  describing  the  procedures  or  infor¬ 
mation  contained  within  the  modules.  In  the  IT  domain,  this  is 
one  of  the  major  advances  of  Web  services  technology;  through 
the  Web  services  description  language  (WSDL),  it  defines  a 
set  of  standards  for  creating  documents  that  describes  what  a 
Web  service  offers,  how  it  communicates  and  where  to  find  it. 
Because  these  standards  have  been  widely  adopted  throughout 


and  then  it  hits  you:// 

EX-EMPLOYEES  NO  LONGER  WORK 
FOR  YOUR  COMPANY.  SO  HOW  COME  THEY 
CAN  STILL  WORK  WITH  YOUR  DATA? 

Novel!. 

find  out  more  at  novell.com 


©2005  Novell,  Inc,  All  rights  reserved,  Novell  is  a  registered  trademark  of  Novell,  Inc.  in  the  United  States  and  other  countries. 


John  Hagel  &  John  Seely  Brown  [  keynote 


the  technology  community,  we  are  now  able  to  access  a  much 
broader  range  of  modules  or  services.  For  example,  the  devel¬ 
oper  of  a  new  app  could  quickly  make  use  of  the  currency  con¬ 
version  module  based  on  the  information  provided  in  the 
interface  document  and  just  as  easily  switch  to  another  cur¬ 
rency  conversion  module  if  it  offered  better  functionality  (say, 
more  frequent  updates  of  conversion  rates). 

Loose  coupling  is  attractive  on  many  levels.  By  making  it  eas¬ 
ier  to  move  modules  in  and  out  depending  on  need,  it  enhances 
flexibility.  For  example,  a  loosely  coupled  IT  environment 
might  make  it  easier  for  an  insurance  company  to  access  a 
novel,  highly  specialized  algorithm  that  allows  it  to  assess  risk 
in  certain  categories  of  commercial  buildings  in  a  more  rigor- 

Loose  coupling  makes  it  easier  to  improvise  without  worry 
about  disruptions  elsewhere  in  the  system. 

&  Fung  has  assembled  a  loosely  coupled  process  network  of 
7,500  business  partners  around  the  world. 

Li  &  Fung  can  orchestrate  this  complex  and  highly  flexible  net¬ 
work  because  it  focuses  on  defining  standardized  ways  of  spec¬ 
ifying  outputs  from  each  partner  and  leaves  decisions  on  how  to 
execute  against  the  outputs  up  to  each  partner.  For  example,  it  pro¬ 
vides  a  standardized  way  of  representing  color  for  the  garments, 
but  does  not  tell  its  partners  how  to  produce  this  color. 

At  the  IT  level,  Li  &  Fung  is  now  deploying  Web  services 
technology  and  building  an  SOA  extending  across  its  entire 
process  network  to  support  its  loosely  coupled  business 
processes.  This  kind  of  architecture  is  attractive  for  Li  &  Fung 
because  it  does  not  require  its  business  partners  to  rip  out 
existing  technology  and  adopt  a  common  set  of  technology 
platforms.  Instead,  each  partner  can  use  Web  services  stan¬ 
dards  to  implement  loosely  coupled  interfaces  for  their  exist¬ 
ing  applications  and  databases  and  automate  connections  with 
other  business  partners  in  the  Li  &  Fung  network. 

Using  a  loosely  coupled  management  approach,  Li  &  Fung 
has  been  able  to  compress  cycle  times  across  its  global  apparel 
supply  chains  from  months  to  weeks,  exceeding  the  perform¬ 
ance  of  more  hardwired  competitors.  In  highly  demanding,  fast- 
moving  industries  like  apparel  and  consumer  electronics,  loosely 
coupled  approaches  could  not  possibly  succeed  without  deliver¬ 
ing  against  aggressive  cost,  performance,  quality  and  cycle  time 
requirements.  Li  &  Fung’s  strategy  is  quite  successful.  It  generates 
more  than  $5  billion  in  revenue  and  has  grown  at  double-digit 
rates  over  many  years.  With  only  5,000  employees  of  its  own,  Li 
&  Fung  generates  about  $1  million  in  revenue  per  employee.  In  an 
industry  accustomed  to  razor-thin  margins,  Li  &  Fung  is  also 
quite  profitable,  with  30  percent  to  50  percent  return  on  equity. 

Trust  Is  Paramount 

Effective  loose  coupling  requires  the  formation  of  long-term 
relationships  among  business  participants  that  are  far  richer 


ous  way  than  a  more  general  algorithm  might.  Hence,  the  com¬ 
pany  no  longer  has  to  rely  on  a  single  general  purpose  algorithm 
to  cover  all  commercial  buildings.  Instead,  it  can  use  best-in¬ 
class  algorithms  for  specific  insurance  categories  and  thereby 
manage  its  risk  exposure  more  effectively. 

Loose  coupling  is  likely  to  be  even  more  attractive  in  the 
long  term  because  of  its  role  in  enhancing  innovation.  To  begin 
with,  orchestrators  of  these  systems  can  recombine  modules  in 
creative  ways  to  deliver  distinctive  value.  For  example,  online 
stockbrokers  are  using  loosely  coupled  IT  architectures  to 
bring  together  a  rich  array  of  specialized  information  in  highly 
tailored  ways  to  serve  the  needs  of  high  net-worth  investors. 
Investors  need  detailed  information  about  the  performance  of 
their  portfolios,  as  well  as  access  to  a  variety  of  specialized 
third-party  information— analyst  reports,  technical  charts, 
company  profiles,  macroeconomic  data  and  so  on— to  make 
better  investment  decisions.  SOAs  enable  stockbrokers  to 
assemble  a  much  broader  array  of  resources  for  their  investors 
so  that  stockbrokers  can  experiment  with  new  ways  of  com¬ 
bining  data  and  analytic  techniques. 

Innovation  by  recombining  modules  is  just  the  beginning. 
Loose  coupling  facilitates  rapid  incremental  innovation  within 
modules  as  well.  By  reducing  interdependencies  across  modules, 
loose  coupling  makes  it  easier  to  experiment  and  improvise 
within  a  module  without  worrying  about  unanticipated  dis¬ 
ruptions  in  other  parts  of  the  system.  In  this  respect,  loose  cou¬ 
pling  at  the  IT  level  amplifies  the  potential  for  rapid  incremental 
innovation  through  loose  coupling  at  the  business  process  level. 

The  Li  &  Fung  Story 

Given  the  limitations  of  hardwired  approaches,  it  is  not  sur¬ 
prising  that  some  companies  have  begun  to  develop  an  alter¬ 
native  strategy  in  designing  business  processes.  One  of  the 
companies  pioneering  this  alternative  approach  at  the  busi¬ 
ness  process  level  is  a  Chinese  company,  Li  &  Fung,  based  in 


Hong  Kong.  Li  &  Fung  is  very  well-known  in  the  apparel  indus¬ 
try,  but  surprisingly  little-known  outside  this  industry.  Its  cus¬ 
tomers  are  apparel  designers  who  are  located  around  the  world. 
On  their  behalf,  Li  &  Fung  will  orchestrate  highly  customized 
end-to-end  supply  chains  starting  with  the  sourcing  of  yarn  or 
fibers  and  ending  with  delivery  of  assembled  goods  to  specified 
retailer  distribution  centers.  This  could  involve  bringing 
together  dozens  of  specialized  participants  on  a  global  scale  to 
ensure  that  appropriate  capabilities  are  brought  to  bear,  for 
example,  to  produce  high-end  wool  sweaters  targeted  to  the 
European  market  versus  synthetic-fiber  slacks  targeted  to  the 
U.S.  market  where  a  quite  different  set  of  companies  might  be 
required.  This  enormous  flexibility  is  made  possible  because  Li 


36 


SEPTEMBER  1,  2005  |  www.cio.com 


than  conventional  transaction-based  relationships.  Loose  cou¬ 
pling  cannot  work  without  significant  investment  in  building 
trust-based  relationships  among  participants.  These  business 
elements  need  to  be  woven  together  with  technology  elements 
to  provide  the  foundation  for  shared  meaning,  trust  and  orches¬ 
tration  to  develop  and  evolve. 

So  far,  the  loosely  coupled  approach  to  business  process 
management  has  been  implemented  across  the  boundaries  of 
enterprises  in  order  to  coordinate  business  processes  span¬ 
ning  multiple  companies.  We  expect  that,  over  time,  this 
approach  will  be  applied  to  business  process  management 
within  the  enterprise  as  well.  Hard  wiring  within  the  enterprise 
has  given  companies  cost  savings,  but  at  the  expense  of  flexi¬ 
bility.  As  companies  see  the  performance  benefits  of  loose  cou¬ 
pling,  they  will  want  to  embrace  this  approach  within  the 
enterprise  to  enhance  flexibility  there  as  well. 

CIOs  are  naturally  positioned  to  play  a  leadership  role  in 
helping  companies  to  adopt  and  deploy  these  loosely  coupled 
technology  platforms.  They  would  do  well  to  start  with  busi¬ 
ness  functions  that  have  the  greatest  interaction  with  third 
parties  (for  example,  sales  and  marketing,  customer  support, 
procurement  and  supply  chain  management).  This  completely 
flips  the  historical  pattern  of  IT  deployment  that  started  within 


the  centralized  “glass  house”  and  eventually  reached  functions 
that  dealt  with  external  business  partners  and  only  in  a  very 
limited  way  touched  business  partners  (for  example,  through 
EDI  connections  and  Web-based  portals).  By  tying  IT  archi¬ 
tecture  evolution  to  the  most  pressing  current  business  needs, 
CIOs  can  mobilize  support  from  their  business  colleagues  for 
more  ambitious  architectural  migration  strategies. 

More  broadly,  CIOs  can  help  nontechnology  line  execu¬ 
tives  to  understand  the  compelling  benefits  created  by  a  loosely 
coupled  design  approach.  In  focusing  on  the  business  appli¬ 
cations  of  loose  coupling,  CIOs  have  the  potential  to  become 
major  players  in  the  next  wave  of  innovation.  HH 


John  Hagel  and  John  Seely  Brown  are  coauthors  of  a  new  book 
called  The  Only  Sustainable  Edge:  Why  Business  Strategy  Depends  on 
Productive  Friction  and  Dynamic  Specialization.  Hagel  is  a  manage¬ 
ment  consultant  who  spent  16  years  with  McKinsey  &  Co.  He  can  be 
reached  at  john@johnhagel.com. 

Brown,  the  former  chief  scientist  at 
Xerox,  is  now  a  visiting  scholar  at 
the  University  of  Southern  Califor¬ 
nia.  He  can  be  reached  at  jsb@ 
johnseelybrown.com. 


and  then  it  hits  you:// 

YOU  CAN  IMPROVE  THE  PRODUCTIVITY 
OF  YOUR  SUPPORT  STAFF  BY  45% 

USING  RESOURCE  MANAGEMENT. 

Novell. 

find  out  more  at  novell.com/ZENworks 


<92005  Novell,  Inc.  All  rights  reserved.  Novell  is  a  registered  trademark  of  Novell,  Inc.  in  the  United  States  and  other  countnes. 


Jjyyi.  C&sh  FROM  THE  BOARDROOM 


Your  New  Mandate: 
Meet  the  Customer 

Why  it’s  up  to  CIOs  to  ensure  their  companies  are  focused  on  external 
customers— one  at  a  time  by  james  cash  with  keri  pearlson 


ow  leading  companies  generate  revenue  has 
evolved  over  the  past  20  years:  from  managing 
markets  to  managing  market  segments  to  managing 
customers.  This  shift  creates  significant  issues  for 
the  board  of  directors  and  the  entire  executive  team,  including 
the  CIO.  If  this  change  in  strategy  hasn’t  affected  your  company 
and  industry,  you  are  in  a  distinct  minority. 

For  the  average  CIO  today,  external  customers  are  not  a  pri¬ 
mary  concern.  Yet  the  CIO  is  uniquely  positioned  to  help  the 
executive  team  address  customer  management,  for  two  rea¬ 
sons.  First,  the  CIO  is  usually  one  of  the  most  senior  executives 
with  a  broad  process  view  of  the  corporation.  It  is  the  role  of 
information  systems  to  span  functional,  geographical  and  hier¬ 
archical  boundaries.  Second,  the  way  information  is  collected, 
stored  and  delivered  can  either  help  or  hinder  the  corporation 
in  managing  customers.  The  CIO  is  best  placed  among  execu¬ 
tives  to  understand  what  these  information  needs  are  and  to 
ensure  that  data  systems  can  deliver  the  information  needed  by 
the  company  to  support  this  marketing  requirement. 


The  Right  Way  to  Focus  on  Your  Customers 

The  traditional  belief  that  simply  increasing  market  share  trans¬ 
lates  directly  into  higher  profitability  has  been  proven  false  in 
our  current  economy.  You  need  look  no  further  than  the  U.S.  air¬ 
line  and  automotive  industries  to  note  that  market  share  lead¬ 
ers  are  not  the  most  profitable  companies. 

Deciding  who  to  serve  is  a  critical  decision  for  any  organi¬ 
zation.  One  of  the  world’s  experts  on  this  topic,  Harvard  Busi¬ 
ness  School  Professor  Das  Narayandas,  says,  “Who  we  are 
affects  who  we  can  serve,  and  who  we  serve  affects  who  we  will 


3  8 


SEPTEMBER  1,  2005  |  www.cio.com 


ILLUSTRATION  BY  ANTHONY  FREDA 


As  a  CIO,  you  have  the  unique  ability,  and  therefore  the 
responsibility,  to  ensure  that  marketplace  discussions  are 
focused  on  the  customer  at  a  very  granular  level. 


be.”  In  today’s  business  world,  a  company’s  customer  set  defines 
what  products  and  services  it  will  offer. 

Another  of  a  company’s  most  important  decisions  is  identi¬ 
fying  who  should  be  excluded  from  the  customer  list.  Serving  a 
specific  customer  can  sometimes  preempt  your  ability  to  serve 
others.  The  most  obvious  example  is  working  with  one  large  cus¬ 
tomer  on  a  proprietary  component  for  its  product,  which  may 
require  an  agreement  to  not  provide  similar  technology  for  its 
competitors,  thereby  excluding  other  potential  customers.  Send¬ 
ing  unprofitable  customers  to  your  competitors  can  sometimes 
actually  contribute  to  your  comparative  advantage. 

Although  executives  usually  acknowledge  the  importance  of 
customer  targeting,  in  many  companies  salespeople  are  left  to 
develop  a  de  facto  marketing  strategy  at  the  customer  level. 
As  Narayandas  points  out,  since  a  salesperson’s  behavior  is 
directly  affected  by  compensation  schemes,  letting  salespeople 
determine  whom  to  sell  to  is  one  sure  way  to  get  into  trouble. 
Segmenting  and  prioritizing  customers  must  be  an  executive- 
level  decision. 


Narayandas  outlines  four  steps  for  customer  management: 

1.  Develop  a  clear  vision  of  the  customers  to  serve  and  not 
serve. 

2.  Develop  and  manage  a  portfolio  of  customer  relation¬ 
ships— the  set  of  activities  that  serve  the  customers. 

3.  Monitor  the  health  of  customer  relationships— understand 
whether  customers  are  satisfied  with  the  activities  designed  for 
them. 

4.  Link  the  customer  management  effort  to  economic 
rewards— that  is,  the  benefits  to  the  company  and  its  employ¬ 
ees  for  successful  management  of  customer  relationships. 

Marketing  Information  Systems 

As  we  transition  from  the  Industrial  Age  to  the  Service  Economy, 
customer  retention  and  loyalty  have  become  better  predictors  of 
profitability  than  have  traditional  measures  of  market  share. 
Scale  is  still  important,  but  it  must  be  attained  with  an  increased 
focus  on  customer  selection  and  management  that  facilitates 
the  design  of  an  efficient  product/service  delivery  system. 


and  then  it  hits  you:// 

29  APPLICATIONS.  7  PLATFORMS. 

JUST  ONE  PASSWORD.  NO  WONDER  IT’S 
THE  LEADER  IN  SINGLE  SIGN-ON. 

Novell 

find  out  more  at  novell.com 


©2005  Novell,  Inc.  All  rights  reserved.  Novell  is  a  registered  trademark  of  Novell,  Inc.  in  the  United  States  and  other  countries. 


Jim  Cash  FROM  the  boardroom 


Understanding  which  customers  are  profitable  is  a  matter  of 
studying  what  it  costs  to  serve  each  customer  and  the  price  of 
the  products  or  services  they  buy.  Surprisingly,  in  most  com¬ 
panies  there  is  little  analysis  done  of  the  cost-to-serve  and 
prices,  and  frequently  no  relationship  between  them. 

Obviously,  when  prices  or  the  cost-to-serve  is  too  high,  the 
situation  is  not  sustainable.  Success,  then,  comes  from  build¬ 
ing  a  portfolio  of  customer  relationships  in  which  customers 
pay  a  fair  price  for  goods  or  services  developed  at  a  profitable 
cost-to-serve  for  the  corporation.  This  portfolio  is  built  through 
a  delicate  combination  of  product  development,  service,  sales 
incentives— and  information  management. 

The  CIO’s  Role  in  Reaching  External 
Customers 

As  a  CIO,  you  have  the  unique  ability,  and  therefore  the  respon¬ 
sibility,  to  ensure  that  marketplace  discussions  are  focused  on 
the  customer  at  a  very  granular  level.  Most  organizations  have 
not  restructured  to  reflect  market  changes  and  shifting  cus¬ 
tomer  requirements  and  power.  Industrial  Age  organizational 
structures  still  dominate  many  companies.  They  were  designed 
to  implement  mass  production  and  vertical  integration  strate¬ 
gies,  rather  than  the  highly  selective  customer  management 
strategies  that  companies  need  now. 

For  example,  a  large  computer  manufacturing  company 
in  the  early  1980s  was  organized  by  relative  size  of  computer 
systems:  a  small  systems  division  (including  PCs),  a  mini¬ 
computer  division  and  a  mainframe  systems  division.  For 
many  years,  this  product  focus  had  provided  significant  effi¬ 
ciency  in  the  development  and  delivery  of  the  company’s  prod¬ 
ucts  and  related  services.  As  long  as  customer  buying  power 
was  low  and  there  was  minimal  overlap  of  customers  across  the 
business  unit  boundaries,  the  product-focused  organizational 
structure  was  appropriate. 

But  by  the  mid- ’80s,  customers  wanted  to  implement  MRP- 
II  solutions  that  required  highly  integrated  applications,  which 
used  systems  from  all  three  divisions.  Customers  were  required 
to  navigate  through  the  company’s  organizational  structure  and 
cross  the  business  unit  borders.  It  took  the  company  six  years 
to  understand  and  respond  to  these  emerging  customer  needs, 
since  the  internal  organization  (which  was  initially  designed 
with  customer  needs  in  mind)  was  blind  to  this  evolution.  Until 
executives  recognized  that  the  market  was  requesting  integrated 
solutions,  the  company  continued  to  be  product-focused  and  to 
build  systems  for  each  siloed  business  unit. 

An  organizational  structure  that  isn’t  aligned  with  market¬ 
place  requirements  causes  misinterpretation  of  important  data. 
When  customer  requests  are  viewed  through  a  product  lens,  a 
company  might  respond  in  a  way  that  actually  conflicts  with 
customer  needs,  as  the  computer  maker  did.  CIOs  must  look  to 
the  marketplace  and  customers  to  ensure  that  information  sys¬ 
tems  are  responding  to  their  requirements,  regardless  of  how 


CIOs  must  apprise  executive 
colleagues  of  customer  activ¬ 
ity  changes  that  affect  the 
company's  goods  or  services. 

the  company  is  internally  organized. 

The  CIO’s  role  is  to  ensure  the  data  that  matches  marketplace 
and  customer  requirements  is  brought  to  light  and  brought  to 
the  attention  of  the  rest  of  the  company.  Doing  this  requires  a 
horizontal  view  of  the  business,  and  the  CIO  is  one  of  the  best 
C-level  executives  to  have  this  view.  He  or  she  has  allies  in  the 
organization,  such  as  the  supply  chain  owner  and  the  quality 
management  owner.  But  the  CIO  is  often  the  senior-most  exec¬ 
utive  with  this  view.  CIOs  are  best-positioned  on  the  executive 
committee  to  present  this  horizontal  view. 

CIOs  must  keep  their  executive  colleagues  apprised  of  sev¬ 
eral  important  areas: 

si  Changes  in  customer  and  marketplace  activity  that  could 
affect  the  company’s  goods  or  services 

a  Internal  organizational  structures  that  potentially  could 
be  at  odds  with  customer  needs 

■  Information  systems  that  target  only  the  present,  or  are 
based  on  an  outdated  past  perspective,  and  thereby  obscure 
future  views  of  the  business 

These  responsibilities  hold  significant  ramifications  for 
CIOs.  First,  you  must  make  sure  that  your  company  is  fully 
committed  to  the  shift  to  customer  management.  Second,  you 
have  to  ensure  that  the  information  your  corporation  collects 
is  parsed  and  granular  enough,  down  to  the  customer  level,  to 
enable  customer  management. 

This  may  mean  driving  a  set  of  activities  aimed  at  changing 
the  sales-force  data-collection  activities— something  the  CIO 
doesn’t  typically  lead.  It  may  mean  driving  a  change  in 
the  marketing  and  sales  processes  to  ensure  availability  of 
customer-level  data.  It  may  mean  crafting  a  vision  to  make 
sure  the  company  is  positioned  to  appropriately  respond  to  a 
shift  from  market  segments  to  customer  management.  For 
some  business  leaders,  that  is  a  hard  pill  to  swallow. 

It’s  essential  that  you  navigate  these  political  hurdles,  how¬ 
ever.  If  your  company  can’t  stay  close  to  individual  customers  and 
change  in  the  ways  that  they  require,  then  you  will  find— as  many 
executives  have  in  the  swiftly  changing  economy  of  recent  years— 
that  your  company  has  lost  the  ability  to  sustain  itself.  HP1 


James  Cash  is  the  emeritus  James  E.  Robison  Professor  of  Business 
Administration  at  Harvard  Business  School,  where  he  was  also  senior 
associate  dean  and  chairman  of  HBS 
Publishing.  Keri  E.  Pearlson  is  a 
research  director  with  The  Concours 
Group  and  coauthor  of  Managing  and 
Using  Information  Systems. 


0 


SEPTEMBER  1,  2005  |  www.cio.com 


Microsoft 


c  2005  Microsoft  Corporation.  All  rights  reserved.  Microsoft,  the  Windows  logo.  Windows  Server,  and  Windows  Server 
System  are  either  registered  trademarks  or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries. 
The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 


gfGETTHE  FACTS. 

RADIOSHACK  COMPARED  TCO  AND  FOUND 
WINDOWS  SERVER  SYSTEM  WILL  SAVE 
THEM  MILLIONS. 

"In  upgrading  our  aging  UNIX-based  servers,  we 
considered  both  Windows  Server™  and  Linux. 
Windows  Server  System™  offered  several  advantages, 
including  the  ability  to  consolidate  our  in-store  servers 
by  50%  from  10,200  to  5,100 — and  a  savings  of 
several  million  dollars  in  hardware,  software,  systems 
management,  and  support  costs."  -Ron  Cook,  Vice 
President  and  CTO,  RadioShack  0  RadioShack. 

For  these  and  other  third-party  findings,  go  to 
microsoft.com/getthefacts 


Microsoft' 


Windows 
Server  System 


m— 


Susan  Gramm  executive  coach 


Research  You  Can  Use 

Help  the  IT  consultancies  understand  what  kind  of  research  you  really 
need  to  align  with  business 


As  a  newly  minted  CIO  in  the  early  1990s,  I 
attended  a  Gartner  CIO  conference  and  wondered 
if  I  had  made  a  huge  mistake  by  going  back  into 
IT.  Although  I  forget  the  name  of  the  conference, 
it  should  have  been  called  “CIO  Whining:  Perspectives  on  Incor¬ 
rigible  Users.”  The  ’90s  were  an  ugly  decade  for  IT:  CIOs  (actu¬ 
ally,  many  were  IT  directors)  were,  by  a  long  mile,  a  bunch  of 
poorly  dressed,  middle-aged  white  guys  who  could  be  found 
hiding  in  their  offices.  The  world  had  changed  around  them— 
both  in  terms  of  business  needs  and  technology  capabilities— 
and  they  were  strangers  in  a  strange  land. 

Today,  CIOs  are  a  different  breed.  Although  the  demographic 
hasn’t  shifted  a  lot,  CIOs  aren’t  whining  anymore.  They  under¬ 
stand  the  principles  of  good  IT  leadership  and  are  working 
hard  to  bring  theory  into  practice.  Most  CIOs  have  good  rela¬ 
tionships  with  senior  executives  and  are  involved  with  major 
business  decisions.  They  understand  the  importance  of  strategy 
alignment,  value,  efficiency  and  service.  They  are  building  their 
relationships  and  organizations  so  that  they  can  implement 
improvements  in  governance,  portfolio  management,  architec¬ 
tural  road  maps,  change  management  and  process  discipline. 

We  have  turned  the  corner,  and  the  future  is  bright  for  IT  and 
its  leaders.  For  this  reason,  I  was  taken  aback  when  Forrester 
contacted  me  recently  to  discuss  research  titled  “CIOs  Struggle 
to  Make  the  CIO  Job  Live  Up  to  Its  Promise.”  I  don’t  see  most 
CIOs  struggling— just  working  hard.  I  also  don’t  think  the  CIO 
job  has  failed  to  live  up  to  its  promise.  The  fact  is,  organizations 
are  at  varying  levels  of  maturity  in  their  use  of  IT. 

Overall,  the  state  of  IT  research  is  disappointing.  It’s  volu¬ 
minous,  in  some  cases  incomprehensible,  and  repetitious.  The 


42 


SEPTEMBER  1,  2005  |  www.cio.com 


ILLUSTRATION  BY  BRIAN  TAYLOR 


When  we’re 

smiling... 


Msmm 


...she’s  got  a  very  low  total  cost  of  ownership. 
...he’s  got  network  reliability. 
...they’ve  got  Kyocera  printers  and  MFP’s. 


People  Friendly. 


The  bottom  line...  Kyocera  performs.  Our  award-winning  color  and 
monochrome  printers,  copiers,  and  MFP’s  give  you  outstanding  document 
solutions  that  fit  every  business  need.  Kyocera  uses  advanced  technology  to 
make  things  simple,  and  lets  you  share  documents  with  ease.  And  Kyocera’s 
low  cost  of  ownership  means  bigger  savings.  It  adds  up  to  happier  people  at 
work.  And  smiles  all  around,  www.kyoceramita.com/ us 

The  New  Value  Frontier 

tSKUQCERa 


KYOCERA  MITA  CORPORATION  KYOCERA  MITA  AMERICA,  INC.,  a  group  company  of  Kyocera  Corporation 
©2005  KYOCERA  MITA  CORPORATION  AND  KYOCERA  MITA  AMERICA.  INC.,  “PEOPLE  FRIENDLY”,  THE  KYOCERA  "SMILE"  AND  THE  KYOCERA  LOGO  ARE  TRADEMARKS  OF  KYOCERA 


Susan  Cramm  executive  coach 


promise  of  IT  is  real.  The  research  organizations  need  direction 
so  that  they  can  serve  the  interests  of  the  hands  that  feed  them. 

Forrester  didn’t  ask,  but  I  think  research  titled  “The  C- Level 
Focus  Necessary  to  Exploit  IT’s  Full  Potential”  would  reflect 
today’s  reality  and  provide  much  more  useful  insights.  I  would 
love  to  see  research  that  leverages  lessons  from  other  disci¬ 
plines  and  shares  experiences  from  companies  that  are  mature 
in  their  use  of  technology.  To  realize  IT’s  promise,  you  need 
answers  to  the  following  questions: 

■  How  can  IT  be  fully  incorporated  into  the  business¬ 
planning  process?  IT  needs  to  be  included  as  a  component  of 
business  strategy— as  are  markets,  products,  pricing,  supply, 
finance  and  organization— and  not  as  a  follow-on  plan  developed 
by  the  IT  function.  This  is  a  particularly  difficult  challenge 
because  many  companies  develop  high-level  plans  using  infor¬ 
mal  processes  that  don’t  provide  the  level  of  detail  necessary  to 
drive  the  IT  agenda. 

■  How  can  IT  value  be  made  real  and  practical?  CIOs 
need  business  justifications  for  IT  projects  beyond  financials, 
such  as  cycle  time  or  customer  retention.  These  metrics  are 
essential  to  optimizing  the  IT  project  portfolio  and  positioning 
IT-enabled  business  investments  to  compete  toe-to-toe  with 
other  business  opportunities.  These  justifications  should  be 
used  to  guide  the  focus  of  IT  initiatives  and  hold  the  business 
and  IT  leaders  accountable  for  seeing  them  through. 

■  How  can  business  users  understand  IT  infrastructure 
and  the  associated  economics?  They  must  do  so  to  make 
responsible  decisions  about  opportunities  to  increase  business 
agility  and  reduce  costs.  IT  is  still  using  suboptimal  approaches 
for  infrastructure  investments:  building  infrastructure  by  proj¬ 
ect  or  banking  on  the  goodwill  of  the  CFO.  Neither  approach 
leads  to  the  steady,  consistent  reinvesting  necessary  to  build  and 
maintain  rational  infrastructures. 

■  How  can  the  business  side  address  its  day-to-day  IT 
needs  without  heavy  involvement  from  IT?  IT  capacity  is  a 
bottleneck  in  most  companies,  from  a  resource  and/or  financial 
perspective.  Approaches  that  enhance  IT  self-sufficiency— such 
as  solving  operational  issues,  accessing  data,  modifying  screens 
and  reports,  redesigning  business  processes  and  managing 
projects— help  the  IT  group  focus  on  higher-value  activities. 

■  What  organizational  models  protect  the  long-term  IT 
interests  of  the  enterprise?  You  risk  the  future  of  the  enter¬ 
prise’s  IT  competence  when  you  perform  organizational  sur¬ 
gery-such  as  sourcing— on  a  piecemeal  basis.  CIOs  need  to  go 
beyond  the  centralized,  decentralized  and  federated  models, 
and  define  new  models  that  integrate  business  and  IT,  reflect  the 
networked  nature  of  today’s  organizations  and  address  the  needs 
of  the  future  workforce— while  at  the  same  time  leveraging 
externally  sourced  technical  and  operational  capabilities. 

Edit  the  list  above  to  your  needs  and  tell  your  research  part¬ 
ner  that  you  want  relevant,  focused  and  actionable  research  that 
reflects  the  bright  future  of  IT— rather  than  yesterday’s  ills. 


44  SEPTEMBER  1,  2  005  |  www.cio.com 


Reader  Q&A 


Q:  Please  explain  what  you  mean  by  organizations  being  at 
varying  levels  of  maturity  in  their  use  of  IT. 

A:  The  concept  of  IT  maturity,  which  dates  back  to  the 
1960s,  is  the  notion  that  the  ability  to  leverage  technol¬ 
ogy’s  benefits  is  based  on  organizational  learning  and  capa¬ 
bilities  that  evolve  over  time.  Richard  Nolan  became  famous 
for  introducing  the  IT  maturity  model  in  the  70s.  Since 
then,  the  IT  maturity  concept  has  been  refined  and 
extended  to  discuss  the  stages  of  capability  development  in 
areas  such  as  software  development,  IT-business  align¬ 
ment  and  architecture.  Maturity  models  are  useful  in  that 
they  help  explain  why  certain  capabilities  exist  (or  don’t 
exist)  and  identify  the  things  that  need  to  be  developed  for 
those  capabilities  to  further  evolve.  The  classic  mistake, 
resulting  in  wasted  energies  and  lost  opportunities,  is  to  try 
to  “jump”  stages. 


Q:  I  think  one  underlying  research  topic  is  how  companies 
low  on  the  scale  of  technology  maturity  can  move  up  that 
scale.  Some  companies  have  solved  all  the  problems  on  your 
list.  Are  there  lessons  they  can  share  with  companies  lower 
on  the  scale? 

A:  Factors  such  as  industry,  leadership,  organizational 
culture,  size,  growth,  and  competitive  and  regulatory 
pressures  either  accelerate  or  decelerate  companies’  move- 
_  ment  through  the  vari¬ 


Have  a  Leadership  Question? 


ous  stages  of  maturity. 
While  many  research 
organizations  do  a  good 
job  of  defining  the  desired 
future  state  and,  in  some 
cases,  the  stages  of  matu¬ 
rity,  executives  need  help  with  diagnosing  the  barriers  they 
face  and  applying  insights  from  others  to  break  through 
these  barriers. 


For  more  reader  questions  and 
answers  from  Susan  Cramm,  go 
online  to  www.cio. com/090105 

cio.com 


Q:  How  can  the  best  practices  you  mentioned  get  built  into  the 
enterprise  planning  process,  rather  than  being  left  dependent 
on  people— which  means  they  have  to  be  re-created  every 
time  someone  new  comes  in? 

A:  As  you  lead  your  organization  further  through  maturity 
stages,  make  sure  that  you  make  the  gain  worth  the  pain— and 
apply  other  change  management  principles  too— so  that  youBan 
build  and  maintain  the  emotional  momen¬ 
tum  necessary  to  withstand  setbacks.  E3EI 


Susan  Cramm  is  founder  and  president  of  Value- 
dance,  an  executive  coaching  firm  in  San  Clemente, 
Calif.  E-mail  feedbacktosusan@valuedance.com. 


PHOTO  BY  ASA  MATHAT 


t 


plant 


More 


Less 


power 


hP 


nge 


mr-  -1 


iihJlSIi 


m  m . 


MSS 


m 


See  how  HP  Services  and  HP  Consolidation  Solutions  can  help  you  by  downloading 


IDC’s  HP  Addresses  Customer  Choice  by  Expanding  Its  Server  Portfolio  at  hp.com/info/integrity 


2005  Hewlett-Packard  Development  Company,  L.P  Intel,  Intel  logo,  Intel  Inside,  Intel  Inside  logo,  and  Itanium  are  trademarks  or 
registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  Slates  and  other  countries. 


Solutions  for  the  adaptive  enterprise 


ITANIUM 


\ 

.. 


Hi 


f 


Reader  ROI 

::  What  ITIL  is  and  isn't 
and  how  it  really  works 

::  How  increasingly 
companies  are  using 
ITIL  to  improve  their 
quality  of  service 

::  Why  ITIL  is  useful  for 
Sarbanes-Oxley 
compliance,  but  is 
not  a  Sarbox  solution 


MeadWestvaco  CIO 
Jim  McGrane  found  ITIL 
to  be  the  answer  to  his 
need  for  logical  common 
processes  for  IT  operations. 


Part  of  the  CIO  Leadership  Agenda  series 


Cover  Story 


BY  BEN  WORTHEN 


Why  the  IT  Infrastructure  Library  is  becoming  the  most  popular 
process  framework  for  running  IT  in  America,  and  what  it  can  do  for  you 


When  Mead  and  Westvaco— the  country’s  two  largest  forest 
products  and  packaging  companies  at  the  time— merged  in  early 
2002 Jim  McGrane,  then  the  vice  president  of  process  development 
at  Mead,  was  promoted  to  CIO  and  assigned  the  unenviable  task  of 
standardizing  the  new  entity— $7.2  billion  MeadWestvaco— on  a  sin¬ 
gle  SAP  system.  McGrane  had  started  redesigning  Mead’s  order 
management  and  financial  processes  four  years  earlier,  so  it  was 
natural  this  new  job  would  fall  to  him.  But  something  about  the 
project  didn’t  sit  right.  Even  though  he  was  standardizing  the 
processes  the  business  would  follow  and  providing  users  with  a 
system  that  would  enforce  these  new,  more  efficient  processes,  his 
own  department  was  continuing  to  operate  the  same  way  it  always 
had,  following  what  was  basically  a  collection  of  ad  hoc  practices. 


“There  was  no  focus  on  process  for  IT,”  says  McGrane.  The  contra¬ 
diction  was  obvious:  The  group  responsible  for  developing  and  enforc¬ 
ing  a  set  of  common  business  processes  didn’t  have  a  process  of  its 
own.  Consequently,  the  IT  department  wouldn’t  be  able  to  hold  itself 
to  the  same  standards  it  was  applying  to  the  rest  of  the  organization. 

McGrane  and  his  senior  staff  spent  the  better  part  of  2002  coming 
to  grips  with  this  disconnect  by  developing  a  vision  for  the  future  of  the 
IT  department  and  figuring  out  what  core  processes  it  needed  to  get 
there.  McGrane  wanted  a  lean  department,  one  that  could  anticipate 
and  solve  problems  before  they  happened  and  adapt  to  changes  in  the 
business  as  quickly  as  the  business  itself  changed.  The  team  started 
with  the  governance  frameworks  available  but  invariably  hit  a  wall. 
“We  would  look  at  stuff  from  Gartner  and  IBM  and  other  places,  but  it 


Cover  Story 


IT  Governance 


was  never  at  the  level  of  something  you  could  implement,”  McGrane 
says.  ‘‘They  would  give  you  a  description  like  ‘availability  manage¬ 
ment.’  But  [they]  never  really  said  what  these  terms  were.” 

Then  one  of  McGrane’s  staffers  discovered  the  Information  Tech¬ 
nology  Infrastructure  Library  (ITIL),  a  collection  of  best  practices  for 
IT  operations  first  developed  by  the  British  government  20  years 
ago.  It  differed  from  the  other  process  frameworks  they  had  found: 

It  was  high-level  but  had  enough  detail  to  make  the  meaning  of  each 
term  clear  and  show  how  it  could  be  applied  to  an  organization. 
Intrigued,  McGrane  bought  10  copies  (ITIL  is  available  only  as  a  set 
of  books  or  CD-ROMs)  and  he  and  his  team  read  them  over  the 
December  holidays.  At  the  end  of  the  first  quarter  of 2003,  McGrane 
formalized  a  plan  to  rebuild  his  IT  department  using  the  ITIL  frame¬ 
work.  Although  MeadWestvaco’s  transformation  is  still  ongoing,  to 
date  the  company  has  eliminated  more  than  $100,000  annually  in 
IT  maintenance  contracts  and  recognized  a  10  percent  gain  in  oper¬ 
ational  stability.  McGrane  credits  these  gains  and  savings  to  ITIL. 

A  confluence  of  circumstances,  including  the  need  to  demonstrate 
IT’s  contributions  to  the  company  in  an  era  of  outsourcing  and  the 
increased  financial  oversight  mandated  by  the  Sarbanes-Oxley  Act, 
is  leading  CIOs  to  look  harder  at  process  frameworks  for  running  IT. 
Frameworks  help  bring  consistency,  an  ability  to  measure  perform¬ 
ance  and  some  much-needed  scientific  rigor  to  a  field  that,  despite  the 
term  “computer  science,”  historically  has  thought  of  itself  as  an  art. 
Some  of  the  more  popular  frameworks  include  the  Capability  Matu¬ 
rity  Model  (better  known  as  CMM),  Six  Sigma  and  Control  Objectives 
for  Information  and  Related  Technology  (Cobit).  Each  has  a  partic¬ 
ular  area  of  emphasis  (see  “The  Power  of  Processes,”  this  page,  for  a 
comparison  of  the  different  frameworks). 

What  sets  ITIL  apart  is  its  strict  focus  on  IT  operations.  When  used 

The  Power  of  Processes 

How  ITIL  stacks  up  against  other  popular  frameworks 


properly,  ITIL  helps  IT  departments  improve  their  quality  of  service, 
including  increased  system  uptime,  faster  problem  resolution  and 
better  security.  ITIL  has  long  been  popular  in  Europe,  and  now  it  is 
gaining  steam  in  the  United  States.  At  its  2004  data  center  conference, 
Gartner  polled  164  attendees,  most  of  whom  were  from  large  compa¬ 
nies  based  in  the  United  States,  and  found  that  their  awareness  of  and 
familiarity  with  ITIL  had  both  increased  from  the  previous  year,  and 
that  41  percent  reported  using  the  methodology  to  some  degree,  up 
from  31  percent  in  2003. 

But  putting  ITIL  in  place  isn’t  easy.  McGrane  says  the  process 
change  is  so  substantial  that  CIOs  should  treat  an  ITIL  project  the 
same  way  they  would  treat  an  ERP  implementation,  measuring 
progress  in  years,  not  months.  Also,  CIOs  expecting  easy  answers 
will  be  disappointed:  ITIL  doesn’t  offer  any  advice  on  how  to  actually 
implement  the  best  practices  it  catalogs,  a  lacuna  that  can  be  shocking 
to  CIOs  used  to  highly  detailed  software  development  methodologies. 
Perhaps  for  that  reason  a  recent  Forrester  Research  survey  of  CIOs  at 
65  large  global  companies  found  that,  despite  widespread  interest  in 
ITIL,  only  three  percent  were  using  it  as  their  primary  methodology. 
“It’s  in  many  more  organizations  [than  three  percent],  maybe  at  the 
help  desk,”  says  Bobby  Cameron,  vice  president  of  Forrester’s  CIO 
group,  “but  that  doesn’t  mean  that  there  is  organizational  acceptance 
or  that  it  is  part  of  an  overall  strategy.” 

For  many  companies,  however,  ITIL  will  soon  become  much  more 
evident.  Both  the  U.S.  and  Canadian  governments  will  soon  require  IT 
contractors  to  use  ITIL,  as  will  General  Motors.  And  the  potential 
benefits  of  ITIL— including  staggering  improvements  in  customer 
satisfaction  and  operating  efficiency— are  so  great  that  Forrester  has 
concluded  that  it  is  just  a  matter  of  time  until  ITIL  becomes  the  de  facto 
standard  for  all  IT  shops.  “ITIL  is  absolutely  the  best  framework  avail¬ 
able  for  IT  operation,”  says  Cameron.  “There  are  no 
competitors.” 

“[With  ITIL]  we  now  have  the  ability  to  assess 
how  we  are  performing  at  any  point  in  time,”  says 
Suresh  Kumar,  CIO  of  the  brokerage  firm  Persh¬ 
ing.  “As  a  result,  we  can  continuously  improve 
our  processes.  We’ve  identified  [where  we  had 
problem]  bottlenecks,  and  now  the  total  number 
of  problems  is  going  down.  And  we  have  evidence 
to  show  people  that  we  are  improving.” 

ITIL  AT  WORK 

When  someone  at  Pershing  has  an  IT  systems  or 
hardware  problem,  he  calls  the  service  desk  and 
is  directed  to  one  of  four  specialty  areas:  desktop, 
network,  mainframe  or  distributed  systems. 
Thanks  to  ITIL,  which  Pershing  adopted  in  Jan¬ 
uary  2004,  the  specialty  staffer  who  answers  the 
phone  has  a  list  of  previous  similar  incidents  and 
how  they  were  fixed.  If  the  issue  has  not  been 
resolved  after  10  minutes,  a  service  desk  menu 
automatically  identifies  and  pages  the  appropri- 


ITIL  The  IT  Infrastructure  Library  is  a  customizable  framework  of  best  practices  that 
promote  quality  computing  services  in  the  IT  sector.  Built  on  a  process-model  view  of 
controlling  and  managing  operations,  ITIL  addresses  the  structure  and  skill  requirements 
for  an  IT  organization  by  presenting  a  comprehensive  set  of  management  procedures. 

COBIT  Control  Objectives  for  Information  and  Related  Technology  is  a  framework 
for  information  security  that  provides  managers,  auditors  and  IT  users  with  a  set  of 
generally  accepted  IT  control  objectives  to  assist  them  in  developing  appropriate  IT 
governance  and  control  in  a  company. 

CMM  The  Capability  Maturity  Model  is  a  method  for  evaluating  and  measuring  the 
maturity  of  the  software  development  process  of  organizations  on  a  scale  of  1  to  5. 

A  revised  version,  the  Capability  Maturity  Model  Integration  (CMMI),  provides  guidance 
for  improving  an  organization’s  processes  and  a  way  to  manage  the  development, 
acquisition  and  maintenance  of  products  or  services. 

SIX  SIGMA  Six  Sigma  is  a  data-driven  quality-management  program  to  control  varia¬ 
tion  and  thereby  achieve  extremely  high  levels  of  quality.  “Six  sigma”  refers  to  six  stan¬ 
dard  deviations  in  statistical  measurement,  which  in  the  methodology  corresponds  to 
a  maximum  of  3.4  failures  per  million  units. 

SOURCE:  Wikipedia 


48 


SEPTEMBER  1,  2005  |  www.cio.com 


ADVERTISING  SUPPLEMENT 


The Everywhere 

Enterprise 

Permission-based  communications  put  the 
user  in  charge  while  driving  down  TCO 

/T’S  A  FACT:  Todays  enterprise  workers  have  more  devices 
and  more  means  of  getting  in  touch  with  more  people  and 
more  information.  Included  among  these  communications 
tools  are  office  phones,  mobile  phones,  pagers,  email,  text  messaging, 
and  instant  messaging.  You  might  conclude  that  these  workers  must 
be  pretty  happy  with  so  many  great  tools. 


But  you  would  be  wrong.  In  fact, 
workers  are  complaining  loudly  and 
clearly  about  being  overloaded  with 
information.  They  lament  that  they’re 
often  “overly  available”  to  people  and 
communications  that  are  anything  but 
business-critical.  And  this  problem  is 
particularly  acute  for  the  growing  num¬ 
bers  of  mobile  workers.  According  to  a 
recent  study,  CIOs  will  spend  23%  more 
on  wireless  networking  this  year  trying 
to  support  the  often-gnarled  communi¬ 
cations  lines  of  some  24  million  corpo¬ 
rate  teleworkers. 

The  plethora  of  communications 
tools  aside,  what  workers  really  want  is 
solutions  that  ensure  they  get  the  infor¬ 
mation  they  truly  need  when  they  need 
it.  They  want  to  cut  through  all  the  noise 
and  clutter  some  of  these  tools  have 
wrought  to  get  their  jobs  done  better. 

That  is  among  the  chief  findings  of 
a  study  of  some  1,750  enterprise  work¬ 
ers  by  Penn,  Schoen,  and  Berland. 
The  study  painted  a  picture  of  a  com¬ 
munications  landscape  that  is  often 
fragmented,  cumbersome,  and  even 
counterproductive.  Two-thirds  of 
respondents  say  they  frequently  have  to 
leave  multiple  messages  in  different 
places  to  communicate  with  colleagues. 


A  majority  of  the  respondents  added 
that  their  decision-making  process  is 
often  delayed  because  they  either  can’t 
get  timely  responses  from  co-workers 
or  get  no  responses  at  all. 

A  BETTER  WAY 

However,  the  results  also  pointed  to  a 
logical  path  out  of  the  current  chaos — 
a  path  leading  toward  a  communica¬ 
tions  environment  driven  by  individual 
users  wielding  powerful  tools,  and  not 
vice  versa.  In  other  words,  this  path 
leads  to  a  world  of  “permission-based 
communications”  in  which  workers 
can  easily  filter  out  unwanted  informa¬ 
tion,  collaborate  with  greater  ease,  and 
drop  real  cost  savings  to  the  bottom 
line.  In  this  world,  the  user  is  in  charge. 

For  example,  IDC  refers  to  the  phrase 
“user-defined  communications”  when 
it  talks  about  emerging  capabilities  to 
shift  control  of  large-scale  telecommu¬ 
nications  networks  to  individual  users. 
IDC  maintains  that  the  impact  of  this 
communications  shift  could  be  “every 
bit  as  market-shattering  as  the  PC  revo¬ 
lution  of  the  1990s.”  User-defined  com¬ 
munications  could  be  something  as 
simple  as  a  user  setting  up  a  set  of  “find 
me,  follow  me”  rules  through  a  commu¬ 


nications  portal,  directing  incoming 
calls  to  specific  devices  at  specific 
times. 

As  IDC  sees  it,  the  movement  toward 
user-defined  communications  will  pro¬ 
vide  the  kind  of  relief  sought  by  the 
respondents  to  the  Penn,  Schoen,  and 
Berland  study — relief  that  carries  sig¬ 
nificant  potential  business  value  for  the 
enterprise.  Benefits  include  a  respite 
from  “option  shock”  (the  pain  users 
bear  when  trying  to  weed  their  way 
through  a  forest  of  communications 
tools);  the  end  of  telecom  gridlock,  in 
which  varied  communications  tools 
work  marginally  or  poorly  with  one 
another,  necessitating  multiple  phone 
numbers  or  voicemail  boxes;  and  an 
end  to  communication  fragmentation, 
where  end  users  of  different  tools  and 
services  are  unable  to  communicate 
with  one  another  except  in  some 
kludgey  fashion. 


Custom  Publishing 


SIEMENS 


ADVERTISING  SUPPLEMENT 


Communications  Made  to  Order 

Saving  time  and  money  with  Siemens 
HiPath  OpenScape 

AS  ANY  EXECUTIVE  KNOWS, 
the  greatest  enemy  of  productivity 
is  wasted  time.  So  by  association,  any 
business  solution  that  more  easily  and 
quickly  puts  workers-especially 
mobile  workers-in  communication 
with  one  another  and  with  the  vital 
corporate  information  they  need  is  an 
ally  of  productivity. 

The  HiPath  OpenScape  middleware 
solution  from  Siemens  represents  just 
such  a  business  solution,  designed  to 
speedily  synchronize  people  and 
information  and  thereby  expedite 
intelligent  decision  making.  By  elimi¬ 
nating  time-consuming  steps  often  associated  with  business 
communications,  HiPath  OpenScape  drives  down  the  total 
cost  of  ownership  of  communications  resources  and  drives 
up  productivity. 

Capable  of  working  in  any  IP  infrastructure  environment, 
HiPath  OpenScape  knits  together  phones,  video,  voicemail, 
email,  text  messaging,  instant  messaging,  calendaring,  and 
conferencing  services.  Moreover,  HiPath  OpenScape  inte¬ 
grates  these  fast-growing  communications  services  into 
existing  business  processes  and  applications,  driving  further 
productivity  gains. 

Working  within  the  HiPath  OpenScape  environment,  a 
user  can  glance  quickly  at  her  contact  list  and  see  in  real  time 
how  a  particular  contact  has  set  his  status-in  his  office,  for 
instance,  or  at  a  meeting  or  at  lunch.  Then  she  can  determine 
the  best  way  to  reach  him,  such  as  phone,  instant  messaging, 
or  email,  without  any  false  starts  and  wasted  time.  Or,  with  a 
single  click,  a  HiPath  OpenScape  user  can  initiate  a  confer¬ 
ence  with  team  members  and  easily  share  documents.  Users 
can  also  launch  a  multi-media  session  by  starting  a  Web  con¬ 
ference  with  popular  tools  such  as  Microsoft’s  Live  Meeting. 

Managers  can  be  assured  that  ample  security  has  been 
baked  into  HiPath  OpenScape,  including  Microsoft  .NET 
security  features  leveraged  by  managed  software  compo¬ 
nents.  HiPath  OpenScape  also  features  support  for  standard 
security  protocols  such  as  Kerberos,  TLS,  and  IPSec. 

For  more  information  on  HiPath  OpenScape,  the  next-gen¬ 
eration,  presence-aware,  real-time  communications  solution, 
go  to  www.siemens.com/openscape. 


CHAOS  KILLER 

The  simple  truth  is  that  enterprise  com¬ 
munications  got  to  where  they  are  today 
because  most  companies  built  a  world 
of  communications  islands  and  silos. 
Communications  often  are  redundant 
because  tools  are  redundant.  Employees 
are  saddled  with  multiple  communica¬ 
tions  applications  and  therefore  have  to 
check  multiple  voice  mailboxes  and 
email  accounts.  To  compound  the  con¬ 
fusion,  each  of  these  accounts  has  a  dif¬ 
ferent  user  interface.  Workers  may  press 
7  for  delete  on  their  cell  phones,  but  at 
the  corporate  office,  they  press  3.  This 
is  but  one  small  example  of  the  commu¬ 
nications  kludge  that  is  the  rule  rather 
than  the  exception  today. 

For  its  part,  Gartner,  Inc.  talks  about 
the  capability  of  “unified  communica¬ 
tions”  to  boost  both  individual  and 
group  productivity.  Gartner  notes  that 
unified  communications  technology  is 
rapidly  developing  and  maturing,  hold¬ 
ing  forth  the  enterprise  potential  of 
“significant  value.”  In  its  research  note 
on  unified  communications  released 
earlier  this  year,  Gartner  noted  that  the 
HiPath  OpenScape  middleware  solution 
offered  by  Siemens  (see  sidebar,  this 
page)  “is  the  most  open  and  mature  of 
the  [unified  communications]  products 
in  the  market.”  In  fact,  in  its  Magic 
Quadrant  for  unified  communications 
in  2005,  Gartner  placed  Siemens  in  the 
top  right  quadrant,  based  on  complete¬ 
ness  of  vision  and  ability  to  execute.  * 

Meanwhile,  IDC  notes  that  Siemens 
has  “made  real  progress... with  its 
OpenScape  front  end,  which  empha¬ 
sizes  the  communications  portal  aspect 
of  real  time  communications.”  In  fact, 
IDC  says  that  the  communications  por¬ 
tal  is  at  the  very  heart  of  permission- 
based,  highly  personalized  communica¬ 
tions  systems,  and  for  several  reasons. 
For  example,  portals  can  function  as  a 
central  aggregation  point  for  the  kinds 
of  communications  transactions 
today’s  workers  most  often  encounter, 
such  as  instant  messaging,  voicemail, 
email,  and  many  others.  Thus  users  can 
exploit  the  capabilities  of  the  communi¬ 
cations  portal  to  gain  control  of  these 


ADVERTISING  SUPPLEMENT 


Degree  of  Mobility 


Mobile 

Employee 


In  Building 


Mobile 

Workforce 


Figure  1 


Extended  Campus 
Nomadicity 


Anywhere 

Seamless 


transactions.  IDC  says  portals  also  are 
the  best  way  for  individual  users  to 
intelligently  integrate  the  often  dis¬ 
parate  services  and  devices  they  face, 
concluding  with  this  thought:  “The  idea 
is  that  end  users  can  sit  at  their  commu¬ 
nications  dashboards  and  have  control 
over  their  myriad  communications 
options  and,  thereby,  both  enhance  pro¬ 
ductivity  when  applicable  or,  if  the  situ¬ 
ation  requires  it,  create  lifestyle  parti¬ 
tioning  as  appropriate.” 

A  BOOST  FOR  PRODUCTIVITY 

Analysts  and  market  watchers  agree 
there  is  significant  business  value  to  be 
gained  from  moving  toward  an  enter¬ 
prise  network  model  centered  on  per¬ 
mission-based  communications,  par¬ 
ticularly  given  the  increasingly  mobile 
nature  of  the  workforce.  Consider  figure 
1  at  right,  outlining  three  distinct  stages 
of  enterprise  mobility. 

In  the  first  stage,  workers  are  given 
special  tools  to  make  them  productive 
when  on  the  road  or  working  remotely. 
This  is  appropriate  for  organizations 
that  have  low  mobility  needs.  Right 
now,  most  enterprises  are  positioned 
in  the  lower  left  part  of  the  diagram.  A 
few  bleeding-edge  enterprises  have 
achieved  some  success  in  making  their 
applications  mobility-enabled,  gain¬ 
ing  some  degree  of  what  is  called 


“extended  campus  nomadicity.” 

In  the  second  stage,  there  is  a  con¬ 
certed  effort  on  the  part  of  the  enter¬ 
prise  to  make  employees  productive 
when  they  are  remote,  in  a  hotel,  or  just 
sitting  in  a  different  cubicle  every  day. 
But  it  is  only  in  specific  communica¬ 
tions  islands  that  employees  can  stay 
connected.  Access  to  the  corporate  net¬ 
work  and  back-office  applications  is 
intermittent  at  best. 

The  goal  is  to  get  to  the  third  stage, 
where  employees  have  seamless  access 
to  the  corporate  network  anytime  and 
anywhere,  without  interruptions.  Given 
that  the  lifeblood  of  most  organizations 
is  a  network  of  complex  applications, 
being  able  to  tap  into  them  at  will  any 


time  and  any  place  is  a  major  produc¬ 
tivity  boost  for  any  enterprise.  This  is 
the  stage  most  organizations  are  trying 
to  reach  in  their  desire  to  get  beyond  the 
problem  of  getting  workers  connected 
to  each  other,  to  communications  tools, 
and  to  back-office  applications. 

This  is  also  the  region  of  permission- 
based  communications  (see  figure  2, 
below)  where  the  user  controls  who  can 
reach  him  when  and  on  what  device  or 
application  by  filtering  inbound  com¬ 
munication.  Consider  a  sales  executive 
at  an  important  meeting  awaiting  just 
one  important  call  with  a  piece  of  criti¬ 
cal  data.  Without  filtering,  the  executive 
would  have  two  choices:  turn  her  phone 
off,  or  leave  it  on  and  potentially  disrupt 


ADVERTISING  SUPPLEMENT 


Second  Generation  IP  Gives  CIOs  New  Options 

Traditional  Ways  to  Purchase 

W:  j 

Purchase  CPE  Centrex 


New  and  Emerging  Ways  to  Purchase 


Managed  Service 

Centrex 

Purchase  CPE  •  Managed  Service 

•  Fixed  •  Mobile 

Provider 

Centrex  Centrex 

•  System  Integrator 

Vertical  Specialist 


Figure  3 


the  meeting  with  intermittent  ringing 
or  vibrating.  Through  the  use  of  per¬ 
mission-based  communications,  the 
executive  can  hold  all  calls  except  the 
one  she  really  needs. 

FUNDAMENTAL  CHANGES 

A  major  enabler  of  permission-based 
communications  is  a  fundamental  set  of 
changes  in  the  underlying  communica¬ 
tions  architecture.  The  traditional  and 
now  fast-fading  communications  archi¬ 
tecture  mandated  voice  networks  based 
on  the  premises  in  a  classic  star  struc¬ 
ture.  The  result  was  a  relatively  expen¬ 
sive  point-to-point  network  that  was 
anything  but  flexible. 

Early  voice  over  IP  networks  made  it 
possible  to  use  a  distributed  architec¬ 
ture,  with  each  node  in  the  system  serv¬ 
ing  a  specific  region. 

The  now  rapidly  emerging  next  gen¬ 
eration  of  IP  networks  takes  the  enter¬ 
prise  one  step  further,  allowing  the 
deployment  of  communications  solu¬ 
tions  serving  thousands  of  users  from  a 
single  data  center.  This  model  can  liter¬ 
ally  serve  an  entire  continent  from  a 


centralized  data  center  while  delivering 
carrier-class  service  and  reliability. 

For  the  typically  harried  CIO,  this 
next  generation  of  IP  networks  trans¬ 
lates  into  a  host  of  new  options  in  the 
way  he  or  she  addresses  the  company’s 
communications  needs. 

In  the  past,  he  or  she  could  choose 
only  between  customer  premises  equip¬ 
ment  (CPE)  and  Centrex;  today,  the  CIO 
has  a  range  of  choices,  particularly  in 
relation  to  capital  spending  and  expens¬ 
es.  For  example,  if  a  CIO  is  trying  to 
hold  down  capital  expenses,  he  or  she 
may  choose  to  consider  one  of  the 
options  in  the  middle  or  on  the  far  right 
of  Figure  3  above,  because  going  to  a 
managed  service  provider  will  help 
minimize  capital  expenses.  Or,  for 
another  example,  if  a  hospital  CIO  is 
already  working  closely  with  a  network 
services  provider,  with  the  provider 
handling  all  the  hospital’s  clinical 
records  and  imaging,  it  would  make 
sense  to  explore  the  option  of  deploying 
communications  right  out  of  the  data 
center  that  is  already  handling  all  of  the 
records  and  imaging. 


When  it  comes  to  permission-based 
communications,  clearly  the  future  is 
now.  That  should  be  welcome  news  to 
IT  managers  struggling  to  hold  down 
network  and  communication  costs  as 
the  demands  from  users  for  ubiqui¬ 
tous  connectivity  to  data  and  to  one 
another  continue  to  increase,  often 
dramatically. 

Additional  information  on 
enabling  the  Everywhere 
Enterprise  can  be  found  at 
http://enterprise.usa.siemens. 
com/go/whitepapers. 

*  The  Magic  Quadrant  is  copyrighted  2005  by  Gartner,  Inc. 
and  is  reused  with  permission.  The  Magic  Quadrant  is  a 
graphical  representation  of  a  marketplace  at  and  for  a  spe¬ 
cific  time  period.  It  depicts  Gartner's  analysis  of  how  certain 
vendors  measure  against  criteria  for  that  marketplace,  as 
defined  by  Gartner.  Gartner  does  not  endorse  any  vendor, 
product  or  service  depicted  in  the  Magic  Quadrant,  and 
does  not  advise  technology  users  to  select  only  those  ven¬ 
dors  placed  in  the  "Leaders''  quadrant.  The  Magic  Quadrant 
is  intended  solely  as  a  research  tool,  and  is  not  meant  to  be 
a  specific  guide  to  action.  Gartner  disclaims  all  warranties, 
express  or  implied,  with  respect  to  this  research,  including 
any  warranties  of  merchantability  or  fitness  for  a  particular 
purpose. 


CIOI06  The  Year  Ahead 

Issues  ►  Ideas  ►  Impact 
November  6-8, 2005 

Wild  Horse  Pass  Resort,  Phoenix,  Arizona 


With  conference  moderator,  Paul  Saffo, 
Director,  Institute  for  the  Future,  we’ll 
explore  outside  forces  like: 

►  Economic  and  geo-political  trends 

►  Technology  developments 

►  Globalization 

►  Demographics  of  the  U.S.  workforce 

We’ll  analyze  the  impact  these  will  have 
on  your  business. 

And  we’ll  help  you  incorporate  all  this 
into  your  IT  strategy  for  2006. 

Key  topics: 

►  Knowledge  Retention  and  Management: 
Capturing  the  Past  and  Present 

►  Driving  the  Future:  Business  Intelligence 

►  IT  Spending:  Is  Outsourcing  Losing  its  Luster? 

►  Regulatory  Rundown:  A  Look  Ahead 

►  Can  the  U.S.  Remain  Competitive  in  Science 
and  Technology? 

►  Why  Globalization  Can  Work 


The  must  attend  event  for  forward  thinking  CIOs  and 
other  senior  IT  executives. 


To  learn  more,  visit  cio.com/conferences 


Presented  by 

Sponsored  by 

The  Resource  /J  ■  ■  I 

Executives'*00  ^qUailt'  Intel 


i  R  i  s  e 

VISUALIZE  INNOVATE  DELIVER:* 


Cover  Story 


IT  Governance 


ate  subject  matter  expert.  That  person  gets 
one  hour;  if  the  incident  hasn’t  been  fixed  by 
the  end  of  the  hour,  the  IT  department’s  sen¬ 
ior  management,  including  Kumar,  get 
involved  via  a  conference  call.  After  two 
hours,  Kumar  calls  the  business  unit  heads 
to  discuss  the  incident’s  implications  and 
what  action  to  take.  Since  the  service  desk  was  restructured  accord¬ 
ing  to  ITIL  guidelines  12  months  ago,  Pershing’s  incident  response 
time  has  dropped  by  50  percent.  Additionally,  since  incidents  are 
tracked  and  managed  every  time  they  recur,  it’s  easy  for  IT  staff  to 
spot  trends  and  eliminate  many  previously  chronic  problems  by 
performing  a  root-cause  analysis.  Similar  processes  for  making  sys¬ 
tem  changes  and  installing  new  releases  prevent  many  system  con¬ 
flicts  from  ever  happening  in  the  first  place. 

This  is  ITIL  in  a  nutshell.  Because  IT  processes  are  designed  to  flow 
together,  the  value  of  each  set  of  guidelines  is  increased.  “A  company  may 
have  an  outstanding  network  or  mainframe  group,”  says  McGrane. 
“But  if  each  group  is  focused  on  optimizing  the  value  of  its  area,  they  may 
not  be  creating  value  for  the  organization  as  a  whole.”  ITIL  provides  the 
language  and  processes  to  coordinate  all  of  an  IT  department’s  efforts, 

ITIL  in  Brief 

ITIL  books  distinguish  seven  IT  practice  areas 


allowing  it  to  function  like  a  world-class 
orchestra. 

ITIL  was  first  developed  in  the  late  1980s 
by  the  Central  Computer  and  Telecommuni¬ 
cations  Agency,  a  now-defunct  branch  of  the 
CIO.COm  British  government,  as  a  catalog  of  best  prac¬ 
tices  for  government  IT  departments.  Its  use 
soon  spread  to  the  United  Kingdom’s  private  sector,  then  to  European 
companies,  and  over  the  past  several  years  it  has  made  its  way  to  the 
United  States.  Now  in  its  second  version,  ITIL  comprises  seven  books, 
each  of  which  is  about  200  pages  long  and  costs  around  $115.  Each 
volume  is  devoted  to  a  single  practice  area:  service  support,  service 
delivery,  planning  to  implement  service  management,  security  man¬ 
agement,  ICT  (information  and  communications  technology)  infra¬ 
structure  management,  application  management  and  the  business 
perspective  (see  “ITIL  in  Brief,”  this  page). 

To  date,  the  majority  of  U.S.  companies  adopting  ITIL  have  under¬ 
taken  only  two  of  its  practice  areas,  service  support  and  some  corre¬ 
sponding  practices  in  service  delivery.  (ITIL  newcomers  be  warned: 
Many  U.S.  CIOs  and  consultants  will  use  the  term  ITIL  to  refer  to  just 
service  support.)  Because  service  support  is  the  easiest  area  for  many 
IT  organizations  to  improve,  most  CIOs  and  ITIL 
experts  suggest  it  as  a  starting  point. 

There  are  five  processes  within  the  service  sup¬ 
port  book  (some  people  refer  to  these  processes  as 
books  also,  but  that  is  technically  inaccurate), 
each  of  which  complements  the  others.  These 
service-support  processes  are  incident  manage¬ 
ment,  problem  management,  change  manage¬ 
ment,  configuration  management  and  release 
management.  These  processes  are  intended  to 
help  companies  gain  control  of  the  incident  life- 
cycle— that  is,  the  time  from  when  an  incident 
first  develops  up  until  a  system  change  or  a  new 
release  permanently  fixes  it— says  Brian  Johnson, 
a  member  of  the  original  ITIL  development  team 
who  is  now  ITIL  worldwide  practice  manager  for 
Computer  Associates.  Gaining  control  of  the  inci¬ 
dent  lifecycle  should  ultimately  translate  to 
improved  service  levels,  he  says. 

That  was  the  attraction  of  ITIL  for  Jim  Strande, 
vice  president  of  software  engineering  for  the  Col¬ 
lege  Board,  the  organization  that  administers  stan¬ 
dardized  tests  such  as  the  SAT.  He  didn’t  have  a 
formal  service-level  agreement  with  the  business 
for  IT  operations,  but  it  was  clear  that  he  wasn’t 
meeting  its  expectations  about  maintenance  of  the 
company’s  website.  Even  though  Strande’s  IT 
department  had  achieved  99.9  percent  uptime,  that 
still  left  around  nine  hours  a  year  when  the  site 
was  down.  Almost  always,  these  interruptions 
occurred  during  the  40  or  50  days  when  the  Col¬ 
lege  Board  either  registers  test  takers  or  reports 


1.  Service  Support  Describes  the  processes  associated  with  the  day-to-day  support 
and  maintenance  activities  involved  in  the  provision  of  IT  services. 

2.  Service  Delivery  Covers  the  processes  required  for  the  planning  and  delivery  of 
quality  IT  services,  and  looks  at  the  longer-term  processes  associated  with  improving 
the  quality  of  IT  services  delivered. 

3.  Planning  to  Implement  Service  Management  Examines  the  issues  and  tasks 
involved  in  planning,  implementing  and  improving  service  management  processes 
within  an  organization;  also  addresses  the  issues  associated  with  addressing  cultural 
and  organizational  change,  the  development  of  a  vision  and  strategy,  and  the  most 
appropriate  method  of  approach. 

4.  Security  Management  Details  the  process  of  planning  and  managing  a  defined 
level  of  security  for  information  and  IT  services,  including  all  aspects  of  security  inci¬ 
dents.  Also  includes  the  assessment  and  management  of  risks  and  vulnerabilities  and 
the  implementation  of  cost-justifiable  countermeasures. 

5.  ICT  (Information  and  Communications  Technology)  Infrastructure  Management 

Covers  all  aspects  of  ICT  infrastructure  management  from  identification  of  business 
requirements  through  the  procurement  process,  to  the  testing,  installation,  deploy¬ 
ment,  and  ongoing  operation  and  optimization  of  ICT  components  and  IT  services. 

6.  Application  Management  Describes  how  to  manage  applications  from  the  initial 
business  need  through  all  stages  in  the  application  lifecycle,  up  to  and  including  retire¬ 
ment.  Places  emphasis  on  ensuring  that  IT  projects  and  strategies  are  tightly  aligned 
with  those  of  the  business  throughout  the  application  lifecycle,  to  ensure  that  the  busi¬ 
ness  obtains  the  best  value  from  its  investment. 

7.  The  Business  Perspective  Provides  advice  and  guidance  to  help  IT  personnel 
understand  how  they  can  contribute  to  business  objectives  and  how  their  roles  and 
services  can  be  better  aligned  and  exploited  to  maximize  that  contribution. 

SOURCE;  IT  Service  Management  Forum 


ITIL  at  Issue 


To  read  CIO.com  columnist  Dean  Meyer’s 
roundup  of  THE  FIVE  PITFALLS  OF  ITIL  and 

the  lively  reader  discussion  it  sparked,  go  to 

www.cio.com/090105. 


50 


SEPTEMBER  1,  2005  |  www.cio.com 


PHOTO  BY  PETER  MURPHY 


We  now 

have  the  ability  to  assess 
how  we  are  performing 
at  any  point  in  time. 

We've  identified  where 
we  had  bottlenecks,  and 
now  the  total  number  of 
problems  is  going  down. 
And  we  have  evidence  to 
show  people  that  we  are 
improving." 

-SURESH  KUMAR,  CIO,  PERSHING 


scores— the  time  the  business  most  needed  the  site  to  be  up. 

Strande  turned  to  ITIL  to  assess  his  department’s  operations.  The 
review  helped  him  understand  that  the  IT  group  did  not  sufficiently 
track  the  causes  of  incidents.  In  ITIL  lingo,  they  didn’t  distinguish 
between  incidents  (nonstandard  occurrences  of  any  kind)  and  prob¬ 
lems  (underlying  flaws  in  IT  systems,  often  identified  as  a  result  of 
multiple  incidents).  As  a  result,  problems  with  the  website  were  left 
unresolved  and  incidents  were  recurring. 

Using  the  methodology  outlined  in  the  ITIL  service  support  book, 
Strande  reorganized  and  clearly  delineated  the  incident  and  problem- 
management  functions  within  the  operations  group,  training  the  staff 
to  respond  in  specific  ways  to  key  events.  For  example,  if  the  website 
loses  its  connection  to  its  credit  card  processor,  service  desk  staff  now 
know  the  root  cause  and  the  correct  response:  The  telecommunica¬ 
tions  switch  between  the  College  Board  and  the  processor  must  be 


reset  and  the  server  that  handles 
the  transactions  must  be  recycled. 
Overall,  there  have  been  fewer 
recurring  problems,  Strande  says, 
leading  to  improved  service  levels. 

When  the  IT  department  at  Per¬ 
shing  can’t  solve  a  problem  after 
two  hours,  CIO  Kumar  has  to  call 
the  company’s  top  executives— 
even  if  the  time  limit  happens  in 
the  middle  of  the  night.  “It  can  be 
very  uncomfortable  calling  the 
CEO  at  2  a.m.,”  he  says.  Yet  he’s 
done  it  several  times.  Recently,  a 
settlement  clearinghouse  (an  out¬ 
side  company  that  reconciles  a  day’s  trades  in  overnight  batches  for 
brokerage  firms)  suffered  a  system  crash.  Pershing  needs  to  complete 
approximately  12,000  batch  jobs  every  night  to  update  its  books 
and  records,  prepare  online  systems  for  the  next  day,  back  up  data¬ 
bases  and  files,  receive  and  send  electronic  transmissions,  and 
produce  electronic  and  paper  reports.  Kumar  arranged  a  middle- 
of-the-night  conference  call  with  about  30  executives,  running  the 
gamut  from  legal  issues  to  manual  workload  processing  require¬ 
ments,  to  decide  on  the  best  course  of  action. 

“If  we  have  9,000  [updates]  that  won’t  get  run,  it  is  difficult  to 
understand  all  the  implications,”  says  Kumar.  “Usually  no  one  person 
has  the  answers,  so  we  try  to  have  a  good  representation.”  In  this  case, 
the  consensus  was  to  have  managers  come  in  early,  assess  the  work¬ 
load  and  staff  their  areas  accordingly,  while  the  IT  department  looked 
for  a  solution  to  work  around  the  problem  and  support  the  business 


www.cio.com  |  SEPTEMBER  1,  2005 


51 


areas  by  generating  additional  reports.  “I  have  found  that  people  are 
never  upset”  when  he  calls  in  the  middle  of  the  night,  says  Kumar. 
“They  understand  that  there  is  a  problem  and  that  we  have  to  fix  it.” 


There 

are  a  lot  of  things  that 

the  business  does  that  IT 
just  doesn't  know  about. 
ITIL  allows  us  to  align 
ourselves  with  the 
business  instead  of  just 
making  them  angry 
when  something  they 
need  isn't  available." 

-CHRISTINE  ROSE,  DIRECTOR  OF  GLOBAL  IT,  FINISAR 


running  history  of  everything  that 
you  have  done.”  The  CMDB  is 
essentially  a  map  of  every  piece 
of  technology  a  company  owns— 
systems,  routers,  servers,  PCs  and 
so  on— as  well  as  a  catalog  of  every 
change  made  to  each  asset,  the  inci¬ 
dents  linked  to  the  asset,  and  the 
asset’s  relationship  to  the  larger 
technology  environment. 

For  example,  Rose  ran  a  report 
against  the  CMDB  that  found  Fin- 
isar’s  FTP  server  was  responsible 
for  several  recent  incidents.  This 
server  was  used  to  provide  techni¬ 
cal  support  to  end  users,  and 
heavy  usage  was  overwhelming  its  hard  drive.  Rose  was  able  to  solve 
the  problem  by  simply  adding  more  storage  space.  “If  we  did  not 
have  a  history  of  the  server,  we  woidd  not  have  noticed  the  trend, 
since  the  business  didn’t  convey  its  needs  to  IT,”  she  says. 

Most  of  the  CMDB  products  commercially  available  now  have 
incident-,  problem-  and  change-tracking  built  in,  but  even  if  they 
don’t,  says  McGrane,  it  is  easy  enough  to  link  these  processes 
together.  MeadWestvaco’s  original  configuration  management  sys¬ 
tem  was  actually  built  by  seniors  at  the  University  of  Dayton  as  part 
of  a  school  project.  “We  didn’t  realize  how  critical  [the  CMDB]  was 
at  first,”  says  McGrane.  (The  company  has  subsequently  bought  a 
configuration  management  product  from  BMC  Software.) 

A  CMDB  can  help  with  what-if  planning  to  find  out  if  a  proposed 
change  could  have  unintended  consequences  on  any  other  systems  in 
the  environment.  ITIL’s  change  management  methodology  also 


THE  HEART  OF  THE  MATTER 

The  ITIL  service  support  book  provides  organizations  with 
processes  for  tracking  incidents,  identifying  problems  and  making 
changes  to  solve  them,  but  idtimately  people  must  follow  the 
processes.  The  best  way  to  ensure  this  happens  is  to  give  IT  staffers 
a  system  that  does  it  for  them. 

Meet  the  configuration  management  database  (CMDB),  the  tech¬ 
nical  underpinning  of  all  ITIL  projects. 

“The  CMDB  is  the  core  of  ITIL,”  says  Christine  Rose,  director  of 
global  IT  at  Finisar,  a  computer  hardware  manufacturer  that  adopted 
ITIL  in  2002.  “It  allows  you  to  track  your  assets  and  gives  you  a 


52 


SEPTEMBER  1,  2005  |  www.cio.com 


PHOTO  BY  ANDY  FREEBERG 


Cover  Story 


IT  Governance 


requires  alerting  business  users  72  hours  before  a 
major  change  is  made.  That  way  the  finance  depart¬ 
ment,  for  instance,  can  request  a  delay  to  an  ERP 
change  if  it  needs  the  system  up  to  close  the  books. 

“There  are  a  lot  of  things  that  the  business  does  that 
IT  just  doesn’t  know  about,”  says  Rose.  “This  allows 
us  to  align  ourselves  with  the  business  instead  of 
just  making  them  angry  when  something  they  need 
isn’t  available.” 

WHAT  ITIL  CAN’T  DO 

The  biggest  fault  that  users  find  with  ITIL  is  that 
while  it  contains  best  practices  for  IT  management, 
it  is  essentially  just  a  list  of  things  companies 
should  be  able  to  do.  “You  don’t  implement  ITIL,” 
says  Johnson,  the  member  of  the  original  ITIL 
team.  “You  use  it  to  help  create  organizational  change.”  Translation: 
ITIL  doesn’t  offer  guidance  on  how  to  actually  apply  the  best  prac¬ 
tices  it  catalogs;  each  organization  must  design  its  own  processes 
based  on  ITIL  principles. 

“Since  ITIL  is  only  a  framework,  it  puts  you  in  a  situation  where  you 
need  to  rely  on  somebody  to  fill  in  the  gaps,”  says  Strande.  The  Col¬ 
lege  Board  hired  consultants  from  Noblestar  and  Booz  Allen  Hamil¬ 
ton  to  help  with  its  ITIL  implementation. 

This  situation  might  not  be  accidental.  While  the  original  version 
of  ITIL  published  in  the  1980s  was  written  by  British  government 
workers,  all  of  the  current  version  was  written  by  consultants  or 
vendors— the  same  people  whose  livelihood  depends  on  compa¬ 
nies  needing  help  to  implement  the  practices  described. 

ITIL  for  Your  Audit 

Why  ITIL  isn’t  a  match  for  Sarbanes-Oxley  compliance 


“People  need  to  have  an  ulterior  motive  for  pro¬ 
ducing  the  material,”  concedes  Aidan  Lawes,  CEO 
of  the  IT  Service  Management  Forum  (ITSMF),  the 
organization  with  day-to-day  oversight  of  ITIL  (the 
British  government  still  owns  the  ITIL  trademark, 
but  for  all  practical  purposes,  the  ITSMF  manages 
ITIL).  Lawes  is  trying  to  come  up  with  a  way  of 
compensating  authors  before  the  next  version  of 
ITIL  is  published  in  about  18  months,  in  hopes  of 
widening  the  pool  of  contributors. 

Neither  McGrane  nor  Rose  hired  consultants,  but 
they  admit  that  the  trade-off  is  dedicating  time  and 
staff  resources  to  building  up  ITIL  expertise  in- 
house.  At  MeadWestvaco,  that  meant  a  year  of 
informal  training,  delaying  the  IT  department’s  reor¬ 
ganization  until  the  third  quarter  of  2004. 

And  that  is  just  the  start,  quite  literally.  Designing  new  processes 
may  only  take  months,  but  the  amount  of  change  required  can  be  so 
substantial  that  most  IT  organizations  will  need  several  years  to 
implement  them.  MeadWestvaco,  which  is  currently  using  only  the 
service  support  and  service  delivery  books,  won’t  launch  some  ITIL 
processes  until  the  end  of  2005— nearly  two  years  after  beginning 
with  the  framework.  Even  after  the  launch,  McGrane  advises,  “it 
will  be  18  to  24  months  from  the  time  you  introduce  it  to  the  time  you 
actually  start  seeing  adoption  of  it  as  the  way  you  do  business.”  Tom 
Thompson,  MeadWestvaco’s  director  of  process  transformation,  is 
more  candid.  “You  could  probably  do  it  in  four  months  but  you 
would  have  a  bunch  of  dead  bodies,”  he  says. 

Another  drawback:  Old  habits  are  hard  to  break.  Rose  says  that  she 
had  to  give  her  entire  IT  staff  new  cell  phone  num¬ 
bers  to  prevent  users  from  bypassing  the  service 
desk  and  calling  staff  directly.  Also,  most  CIOs  say 
that  layoffs  are  inevitable  because  some  IT  people 
just  can’t  adapt  to  the  new  processes.  (Strande,  on 
the  other  hand,  hired  several  staffers  after  his  ITIL 
project  revealed  gaps  in  how  his  IT  department 
handled  service-level  and  problem  management. 

But  for  many  CIOs,  the  pain  of  ITIL  is  worth  it. 
Since  Finisar’s  service  desk  was  standardized, 
customer  satisfaction  rates  have  risen  from 
33  percent  to  95  percent.  And  Rose  has  cut  the 
amount  Finisar  spends  on  IT  from  4  percent  of 
revenue  to  2.4  percent. 

“To  run  IT  like  a  business,  you  need  to  under¬ 
stand  the  key  services  that  go  into  it,”  says 
McGrane.  “ITIL  makes  that  work  visible.  It  allows 
you  to  measure  what  is  important,  so  you  can 
emphasize  the  things  that  add  value  and  take  out 
the  things  that  don’t.”  BE! 


Senior  Writer  Ben  Worthen  ( bworthen@cio.com )  writes 
about  business  process  in  IT. 


IT’S  IMPOSSIBLE  TO  TALK  ABOUT  I.T.  PROCESS  frameworks  without  mentioning  the  Sar- 
banes-Oxley  audit.  Publicly  traded  companies  are  now  required  to  have  tight  control  over 
financial  reporting  and  must  pass  two  annual  audits  substantiating  that:  one  for  finance 
and  one  for  the  IT  systems  that  produce  and  contain  financial  data.  The  Securities  and 
Exchange  Commission  has  all  but  formally  endorsed  the  COSO  (Committee  of  Sponsor¬ 
ing  Organizations)  framework  as  the  standard  for  evaluating  financial  controls.  There 
has  been  no  such  SEC  guidance,  however,  for  the  IT  audit.  In  the  absence  of  specific 
direction,  CIOs  have  turned  to  existing  IT  frameworks,  including  the  IT  Infrastructure 
Library  (ITIL),  to  ensure  that  their  processes  for  supporting  financial  data  are  sound. 

Christine  Rose,  director  of  global  IT  at  Finisar,  a  computer  hardware  manufacturer, 
says  that  the  best  practices  in  ITIL  support  some  of  the  processes  now  required  by  Sar- 
box.  "Having  ITIL  in  place  gives  you  a  solid  foundation,”  she  says.  ITIL  isn’t  a  Sarbox 
solution  in  and  of  itself,  however.  Dave  Erickson,  a  partner  at  PricewaterhouseCoopers, 
says  Sarbox  is  about  assessing  risk.  While  risk  assessment  is  an  element  of  ITIL,  it  isn’t 
the  framework’s  primary  focus.  Furthermore,  CIOs  who  put  ITIL  or  any  other  IT  frame¬ 
work  in  place  solely  to  comply  with  Sarbox  will  have  gone  overboard,  says  Erickson.  The 
Sarbanes-Oxley  Act  requires  only  that  companies  establish  controls  over  the  systems 
relating  directly  to  financial  reporting.  ITIL,  Cobit  and  other  frameworks  for  IT  help 
companies  put  in  place  general  controls  for  IT— a  good  thing  to  have,  but  much  broader 
than  the  narrow  scope  required  by  law.  -B.  W. 


Leadership 

Agenda 

This  article  tells  CIOs  how  to 
RUN  I.T.  EFFICIENTLY  AND 
EFFECTIVELY-oneofourfive 
Leadership  Agenda  topics. 
Goto  AGENDA.CIO.COM 
to  learn  more  about  this  and 
the  other  must-dos  for  ’05: 
driving  innovation,  proving 
IT  value,  developing  leaders 
and  managing  expectations. 

.com 


www.cio.com  |  SEPTEMBER  1.  2005 


53 


PHOTO  BY  LIU  JIN/AFP/GETTY  IMAGES 


BY  ALLAN  HOLMES 


Four  years  after  9/11,  the  United  States  has  a  biometrics  screening 
system  for  foreign  visitors— US-Visit— and  we  got  it  on  time  and 
within  budget.  But  the  system  is  neither  as  efficient  nor  as  airtight 
as  it  could  be.  Here’s  why. 

Early  in  the  morning  on  Jan.  5, 2004,  Gloria  Quevedo,  who  had  just 
flown  all  night  from  Chile  to  Atlanta,  walked  up  to  Customs  and 
Border  Protection  (CBP)  and  became  one  of  the  first  foreign  visi¬ 
tors  to  the  United  States  to  undergo  biometric  screening.  Newspaper  and 
television  reporters— as  well  as  Department  of  Homeland  Security  Sec¬ 
retary  Tom  Ridge— witnessed  the  historic  event.  Quevedo’s  fingerprints 
were  scanned,  her  identity  verified,  and  her  name  checked  against 
numerous  databases  to  make  sure  she  wasn’t  a  suspected  terrorist  or 
criminal.  Foreign  visitors  at  114  other  airports  and  14  seaports  would 
undergo  the  same  kind  of  screening  that  day. 

More  than  600  miles  away  in  Washington,  D.C.,  the  man  who  helped 
guide  the  development  and  implementation  of  the  new  system  was  sitting 


Reader  ROI 

::  How  US-Visit  met  most  of 
its  deadlines  on  time  and 
within  budget 

::  How  the  focus  on  deadlines 
compromises  system 
capabilities 

::  What  trade-offs  were  made 
in  systems  integration 


www.cio.com  |  SEPTEMBER  1,  2005; 


Homeland  Security 


Given  an  immovable  deadline  to  develop  a  system  for  screening  foreign  visitors, 
US-Visit  CIO  Scott  Hastings  decided  to  integrate  existing  systems  that  satisfied 
basic  business  requirements,  rather  than  develop  new  technology  which,  although 
more  efficient,  would  have  taken  more  time  to  deploy. 


nervously  at  his  desk,  in  constant  commu¬ 
nication  with  the  help  desk  and  other  IT 
staffers  in  the  field.  Scott  Hastings,  CIO  of 
the  US-Visit  program,  knew  that  a  major 
glitch  in  the  system  (which  had  been  fielded 
in  less  than  six  months)  could  give  the 
department  a  black  eye.  US-Visit,  which 
stands  for  the  United  States  Visitor  and 
Immigrant  Status  Indicator  Technology  sys¬ 
tem,  was  one  of  the  primary  measures  Con¬ 
gress  had  identified  after  9/11  to  protect  the 
nation  against  terrorists. 

If  the  system  failed,  it  would  be  a  public 
relations  disaster.  Biometrics  had  never 
before  been  used  on  such  a  large  scale,  and 
US-Visit  needed  to  prove  not  only  that  it 
could  identify  miscreants  but  also  that  it 
could  protect  the  privacy  of  innocent  travel¬ 
ers  and  process  them  in  a  reasonable 
amount  of  time.  Otherwise,  the  program 
risked  doing  serious  damage  to  tourism  and 
international  relations. 

But  on  Jan.  5,  all  went  well.  An  agent  greeted 
Quevedo  and  swiped  her  visa  through  a 
magnetic  reader,  accessing  her  biographical 
data  and  a  photo  from  a  State  Department 
database.  Then  the  agent  took  her  picture 
and  Quevedo  placed  her  left  and  then  right 
index  fingers  on  an  inkless  glass  plate,  which 
scanned  her  fingers.  To  confirm  her  identity, 
the  system  matched  that  scan  with  those  col¬ 
lected  when  she  was  issued  her  visa.  Her  bio¬ 
graphical  data  and  fingerprint  scans  were 
also  checked  against  watch  lists  that  include 
suspected  or  known  terrorists.  Within  sec¬ 
onds,  the  answer  came  back:  No  match.  After 
answering  some  routine  questions,  Quevedo 
was  allowed  to  enter  the  United  States.  As 
were  35,000  other  visitors  that  day. 

“The  sense  of  relief  was  palpable,”  says 
Hastings,  recalling  the  mood  of  his  team  at 
the  time.  “It  was  a  ‘cross  the  fingers  every 
single  day’  job.”  The  US-Visit  team  had  met 
its  first  deadline  with  no  hiccups.  And 
within  its  $380  million  budget. 

Hastings  and  his  team  would  also  meet 
the  next  deadline  as  they  deployed  the  entry 
screening  system  to  the  nation’s  50  busiest 
land  border  crossings  in  January  2005.  And 
later  this  year,  Hastings  says,  the  program 
office  expects  to  meet  yet  another  deadline 
by  deploying  the  entry  screening  system  to 
the  remaining  115  border  crossings.  Of 


course,  as  Hastings  and  others  acknowledge, 
the  true  measure  of  success  for  US-Visit  will 
be  keeping  terrorists  out  of  the  country.  In 
addition,  the  US-Visit  team  has  yet  to 
develop  that  portion  of  the  system  that  ver¬ 
ifies  that  a  foreign  visitor  has  left  the  coun¬ 
try  when  he’s  supposed  to.  As  a  result,  CBP 
still  doesn’t  know  whether  visitors  from 
other  countries  are  overstaying  their  visas, 
as  some  of  the  9/11  hijackers  did. 

While  some  officials  have  hailed  US-Visit 
as  a  rare  government  IT  success  story,  others 
are  not  so  charitable.  In  February,  a  DHS 
inspector  general  report  concluded  that  US- 
Visit  met  “only  the  bare  minimum”  for  check¬ 


ing  foreign  visitors.  The  report  noted  that  the 
system  checked  only  about  3  percent  of  all 
foreign  travelers  to  the  United  States,  because 
many  travelers  (primarily  Mexicans  with 
Border  Crossing  Cards  and  Canadians,  who 
don’t  need  visas),  are  not  required  to  be 
screened  by  US-Visit.  In  essence,  US-Visit 
seems  to  be  fulfilling  its  initial  mandate,  but 
critics  say  it  needs  to  do  more. 

Another  internal  report,  which  the  Justice 
Department  released  in  June,  found  that 
almost  32,000  individuals  on  the  govern¬ 
ment’s  terrorist  watch  list  had  been  erro¬ 
neously  classified  by  US-Visit  at  the  lowest 
level  of  security  handling,  which  means  CBP 


56 


SEPTEMBER  1,  2005  |  www.cio.com 


PHOTO  BY  CLAUDIO  VAZQUEZ 


officers  who  encounter  these  individuals  are 
not  required  to  detain  them.  And  the  pro¬ 
gram  recently  came  under  criticism  for  mis¬ 
takenly  detaining  35  crew  members  from 
foreign  airlines  arriving  in  the  United  States. 
In  addition,  the  Government  Accountability 
Office,  the  independent  watchdog  agency  for 
Congress,  has  repeatedly  criticized  US-Visit 
for  not  following  standard  program  manage¬ 
ment  disciplines,  such  as  developing  a  strate¬ 
gic  plan  and  tracking  costs  and  benefits. 

“Success  depends  how  you  measure  it,” 
says  Randy  Hite,  the  GAO’s  director  for  IT 
architecture  and  systems  issues,  who  con¬ 
ducts  oversight  on  the  US-Visit  program.  “If 
you  don’t  commit  to  what  you  are  going  to  do 
and  how  you  will  measure  it,  you  can  declare 
success  on  whatever  you  choose  to  measure.” 

Hastings  acknowledges  that  getting  a 
workable  screening  system  in  place  on  time 
meant  making  trade-offs  in  standard  project 
management  practices,  in  documenting  what 
was  done  and  in  measuring  the  ROI.  He  says 
he  didn’t  have  time  to  do  the  kind  of  strategic 
plan  that  might  have  enabled  the  US-Visit 
team  to  build  the  most  comprehensive  solu¬ 
tion  possible.  He  also  didn’t  have  time  to 
build  a  new  system  using  the  latest  tech¬ 
nologies.  Instead,  to  meet  its  deadline,  the 
US-Visit  staff  was  forced  to  cobble  together  a 
bunch  of  legacy  applications  and  networks. 
The  system  will  need  repeated  code  changes 
as  new  requirements  are  added.  In  short,  the 
US-Visit  program  is  currently  the  sum  total 
of  all  the  compromises  that  deadline  pres¬ 
sure  made  necessary. 

“This  violated  every  rule  in  how  you  do 
systems  development,”  Hastings  acknowl¬ 
edges.  “But  you’ve  gotta  compromise,  and 
you’ve  gotta  break  rules.” 

No  Time  to  Lose 

In  the  weeks  after  the  9/11  attacks,  Ameri¬ 
cans  looked  to  their  government  to  respond 
quickly.  In  October  2001,  Congress  passed 
the  USA  Patriot  Act,  which  called  for 
(among  other  things)  the  creation  of  a  system 
for  checking  the  identities  of  foreign  travel¬ 
ers  entering  the  United  States  and  for  veri¬ 
fying  when  they  left,  a  so-called  entry-exit 
system.  The  Patriot  Act  also  set  a  strict 
timetable  for  delivery:  By  Dec.  31,  2003, 


the  government  was  to  deploy  such  a  sys¬ 
tem  to  115  airports  and  14  major  seaports. 
By  Dec.  31,  2004,  the  system  had  to  be 
expanded  to  the  50  busiest  land  border 
crossings,  which  process  nearly  90  percent 
of  the  240  million  people  who  cross  the  U.S. 
border  from  Canada  and  Mexico  every  year. 

But  before  an  entry-exit  system  could  be 
built,  let  alone  deployed,  Congress  had  to 
create  the  Department  of  Homeland  Secu¬ 
rity,  a  merger  of  22  federal  agencies.  Gov¬ 
ernment  executives  had  to  be  hired,  and 
security  clearances  had  to  be  conducted. 
Consequently,  work  on  the  entry-exit  sys¬ 
tem  did  not  begin  until  the  summer  of 
2003,  by  which  time  DHS  had  just  six 
months  to  meet  its  first  deadline. 

In  July  2003,  Asa  Hutchinson,  then  deputy 
secretary  for  DHS’s  Border  and  Transporta¬ 
tion  Directorate,  hired  Jim  Williams  as  direc¬ 
tor  of  the  US-Visit  program.  And  he  hired 
Hastings,  the  former  CIO  of  the  Immigration 
and  Naturalization  Service  (INS),  as  the  pro¬ 
gram’s  CIO.  Williams  and  Hastings  quickly 
met  with  Ridge  and  Hutchinson.  Hastings 
recalls  that  they  discussed  the  program’s 
goals,  including  making  sure  the  system  did 
not  impede  commerce  (no  long  lines  in  cus¬ 


toms),  and  that  it  protected  travelers’  pri¬ 
vacy  while  keeping  the  terrorists  out.  One 
of  the  only  requirements  that  was  not  nego¬ 
tiable  was  the  deadline,  five  months  away. 
Hastings  and  Williams  assured  Ridge  the 
project  was  doable. 

After  meeting  again  with  Ridge  a  few 
weeks  later,  Williams  informed  Hastings 
and  the  US-Visit  team  that  the  secretary 
wanted  the  system  to  rely  on  biometrics  to 
check  identities,  removing  the  opportunity 
to  forge  documents.  Biometrics  had  yet  to  be 
successfully  deployed  in  a  major  govern¬ 
ment-run  system,  and  the  privacy  concerns 
were  huge,  especially  in  foreign  countries 
where  (like  the  United  States)  fingerprint¬ 
ing  was  seen  as  a  practice  reserved  only  for 
booking  criminals. 

Making 

Compromises 

In  late  summer  2003,  Williams  and  Hast¬ 
ings  set  up  a  war  room  on  the  17th  floor  of 
US-Visit  headquarters  in  Arlington,  Va., 
where  the  staff,  consisting  of  no  more  than  a 
dozen  people,  could  meet.  The  team  con- 


US-VISIT  COMPONENTS 

Seven  legacy  applications  compose  the  system  used  to 
screen  foreign  visitors 


Arrival  Departure  Information  System  (ADIS).  Stores  arrival  and  departure 
information  from  travelers. 

Advance  Passenger  Information  System  (APIS).  Contains  arrival  and  departure 
manifest  information  from  airlines  and  ships. 

Computer  Linked  Application  Information  Management  System  3  (Claims  3). 
Holds  information  on  foreign  nationals  who  request  public  benefits. 

Interagency  Border  Inspection  System  (IBIS).  Maintains  "lookout”  data.  IBIS  in 
turn  interfaces  with  the  Interpol  and  National  Crime  Information  Center  databases. 

Automated  Biometric  Identification  System  (Ident).  Stores  biometric  data  of 
foreign  visitors. 

Student  Exchange  Visitor  Information  System  (Sevis).  Contains  information  on 
foreign  students  in  the  United  States. 

Consular  Consolidated  Database  (CCD).  Includes  information  about  whether  an 
individual  holds  a  valid  visa  or  has  previously  applied  for  a  visa.  -A.H. 


www.cio.com  |  SEPTEMBER  1,  2005 


57 


Homeland  Security 


eluded  that  it  needed  a  working  prototype  to 
test  by  mid-November. 

One  thing  was  immediately  apparent:  The 
staff  would  not  be  able  to  follow  typical  pro¬ 
gram  management  practices.  Some  steps 
would  have  to  be  done  in  tandem  rather  than 
sequentially,  such  as  testing  the  system  while 
conducting  system  design  and  development. 
According  to  the  GAO,  some  processes  were 
left  out  completely,  such  as  documenting  the 
system  ROI. 

“Given  the  deadline  and  resources,  this 
was  the  only  way  to  do  it  and  still  meet  the 
letter  of  the  law,”  Hastings  says. 

Hastings  knew  the  team  would  catch  heat 


biometric  readers  and  digital  cameras  also 
had  to  be  installed.  The  networks  at  the  ports, 
running  on  aging  cables  and  routers,  had  to 
be  consolidated  and  upgraded.  But  new  tech¬ 
nologies  such  as  Web  services  (which  would 
remove  the  need  to  code  individual  links  to 
multiple  databases)  were  out  of  the  question. 
The  looming  deadline  forced  Hastings  to  cob¬ 
ble  together  a  system  by  integrating  applica¬ 
tions  from  four  independent  agencies. 

Fortunately,  Hastings  already  had  inti¬ 
mate  knowledge  of  the  systems  the  INS  used 
to  fingerprint  immigration  violators  and  to 
store  travelers’  arrival  and  departure  infor¬ 
mation.  And  he  had  already  tapped  a  small 


a  federation  of  systems— a  network  formed 
of  legacy  INS,  customs  and  State  Depart¬ 
ment  IT  systems.  The  team  looked  for  sys¬ 
tems  that  were  embedded  in  existing 
business  processes.  (The  team  knew  that  the 
deadline  would  not  allow  for  reengineering 
those  processes,  which  would  require 
retraining  agents.)  The  systems  had  to  be 
scalable  so  that  they  could  be  expanded  to 
hundreds  of  ports.  Ease  of  integration  was  a 
requirement  as  well,  as  there  was  no  time 
for  a  lot  of  new  programming.  The  systems 
also  needed  to  be  fast  (so  that  travelers  could 
be  cleared  quickly). 

Seven  applications  were  identified  as  the 


The  US-VISIT  System 


Biometrics  enable  Customs  and  Border  Protection  agents  to  verify  foreign  visitors’  identities 


Customs  agents  take  a  digital  photograph  of  each 
visitor  entering  the  United  States  with  a  visa. 


A  scanner  captures  images  of  the  visitor’s  left 
and  right  index  fingers. 


Agents  use  the  visitor’s  visa  to  access  a  database  con 
taining  finger  scans  and  a  photograph  captured  when 
the  visa  was  issued.  If  these  match,  the  traveler  may 
enter  the  United  States. 


for  not  following  proven  project  management 
disciplines  as,  indeed,  it  did.  “We  thought  the 
criticism  was  fair,”  Hastings  says,  “but  we  had 
no  choice,  and  we  knew  we  would  have  time 
later  to  correct  some  of  the  shortcomings.” 

The  team  also  realized  that  it  could  not 
develop  a  lot  of  new  systems.  Certainly,  the 
outdated  infrastructure  in  U.S.  ports  would 
have  to  be  replaced,  including  installing  more 
than  3,000  new  desktops  (the  old  ones  had 
Windows  95  operating  systems)  or  replacing 
the  CBP  officers’  green-screen  monitors.  New 


Department  of  Justice  team  that  had  been 
working  on  an  older  entry-exit  system 
required  by  a  1996  law.  (That  project  was 
languishing  due  to  lack  of  funding  and 
attention.)  The  eight  people  working  on  that 
system  were  transferred  to  US-Visit.  The 
staff  eventually  absorbed  program  man¬ 
agers  and  IT  staff  from  around  DHS  and 
from  other  departments,  such  as  the  State 
Department,  involved  in  international  travel 
and  commerce. 

The  group  mapped  out  what  it  would  call 


core  of  the  new  system,  including  the  Ad¬ 
vance  Passenger  Information  System,  a 
decade-old  mainframe  system  operated  by 
the  U.S.  Customs  Service  that  contains  arrival 
and  departure  manifest  data,  and  the  Con¬ 
sular  Consolidated  Database,  a  State  Depart¬ 
ment  system  that  stores  information  on 
visitors  who  hold  or  have  applied  for  a  U.S. 
visa.  (See  “US-Visit  Components,”  Page  57,  for 
a  complete  list  of  the  seven  networks.) 

Hastings  knew  he  could  not  afford  the 
time  to  develop  configuration  management 


58 


SEPTEMBER  1,  2005  |  www.cio.com 


PHOTO  LEFT  BY  AP/WIDE  WORLD  PHOTOS;  MIDDLE  AND  RIGHT  BY  GETTY  IMAGES 


EMC2 

where  information  lives' 


a  wide  range  of  information  management  challenges 


a  wide  range  of  software  to  overcome  them 


EMC  SOFTWARE  GIVES  YOU  MORE  OPTIONS,  MORE  CHOICES.  You  have  all 
kinds  of  information  management  challenges.  EMC  has  the  software  to  help  you  overco 
them.  Whetheryou’re  dealing  with  storage  management  or  content  management.  So 
manage  growth,  protect  and  recover  information,  achieve  compliance  and  business  con 
ity,  and  keep  everything  running  smoothly.  And  EMC  software  works  with  your  systems  and 
software.  Now,  and  in  the  future.  To  learn  more,  visit  www.EMC.com/software. 


y-m m 

v  i  n 


■  .  I'  V 

EMC2,  EMC,  and  where  information  lives  are  registered  trademarks  of  EMC  Corporation.  ©  Copyright  2004,  2005.  EMC  Corporation.  All  rights  reserved.  " : 


Homeland  Security 


TAG,  YOU’RE  LEAVING 

US-Visit  tests  RFID  tags  for  tracking  when  visitors  exit 
the  country 


BEGINNING  THIS  SUMMER,  Customs  and  Border  Protection  (CBP)  officers  at  three 
border  crossings  in  Arizona,  New  York  and  Washington  state  will  issue  incoming 
foreign  visitors  1-94  (arrival-departure)  forms  embedded  with  RFID  tags.  A  tag  will 
be  activated  at  the  time  an  officer  issues  the  form,  on  which  a  visitor  records  the 
duration  of  her  visit,  its  purpose  and  her  temporary  U.S.  address. 

If  the  visitor  leaves  through  one  of  those  three  ports,  an  RFID  reader  will  pick  up 
the  tag’s  frequency,  read  it,  match  the  number  to  the  traveler’s  identity  and  record 
the  date  and  time  of  her  departure.  The  system  can  tell  if  the  visitor  overstayed  the 
amount  of  time  issued  on  her  visa.  The  pilot  is  scheduled  to  end  in  spring  2006. 
US-Visit  officials  declined  to  give  preliminary  results. 

But  US-Visit  CIO  Scott  Hastings  has  his  concerns  about  how  viable  the  RFID 
solution  will  be.  The  privacy  concerns  may  be  difficult  to  overcome,  given  public 
fears  about  the  ease  with  which  RFIDs  can  be  used  to  track  people’s  movements. 
Although  US-Visit  has  no  plans  to  track  visitors  while  they  are  in  the  country,  Hast¬ 
ings  says,  “If  we  had  a  hard  time  with  privacy  over  taking  fingerprints,  RFID  is  going 
to  be  that  much  harder.  It’s  just  too  new,”  Hastings  says.  "I’m  not  sure  if  this  is  the 
way  we  will  end  up  going."  -A.H. 


processes  or  traceability  matrices  for  soft¬ 
ware  development  to  determine  if  in  fact 
every  business  requirement  had  been  deliv¬ 
ered.  He  had  to  trust  that  systems  managers 
were  applying  the  proper  procedures  to  make 
sure  the  systems  stayed  operable  and  that  the 
data  was  protected  and  not  corrupted. 

“We  felt  [Secretary  Ridge]  expected  us  to 
deliver  immediate  capability,”  Hastings  says. 
“We  had  to  get  it  right”  the  first  time. 

Two  Versus  10 
Fingerprints 

One  of  the  biggest  problems  still  hadn’t  been 
solved.  How  was  the  team  going  to  satisfy 
Ridge’s  requirement  to  use  biometrics  with¬ 
out  bogging  down  the  immigration  inspec¬ 
tions  process? 

Hastings  felt  he  had  one  alternative,  and 
it  again  required  relying  on  a  legacy  system. 
For  more  than  a  decade,  border  patrol  agents 
along  the  U.S. -Mexican  border  had  been 
using  a  system  known  as  Ident  to  collect  fin¬ 
gerprints,  digital  photos  and  biographical 


data  from  people  they  encountered  during 
enforcement  activities.  INS  had  begun  to 
make  the  system  interoperable  with  an  even 
larger  FBI  fingerprint  database  containing 
47  million  fingerprint  records  of  suspected 
and  known  felons. 

The  knock  against  Ident,  however,  was  that 
it  used  only  two  fingerprints  for  identifica¬ 
tion,  the  right  and  left  index  fingers.  Critics 
argued  that  using  only  two  fingerprints 
makes  matching  less  accurate.  It  also  allows 
criminals  (and  terrorists)  to  foil  the  system  by 
altering  those  two  fingerprints.  Lawrence 
Wein,  a  Stanford  University  professor,  testi¬ 
fied  before  Congress  that  by  using  the  two- 
fingerprint  method,  US-Visit  would  be  able  to 
identify  terrorists  only  53  percent  of  the  time. 

But  Hastings  again  had  to  make  a  choice. 
There  was  no  time  to  develop  a  system 
based  on  10  fingerprints  and  also  meet  the 
15-second  turnaround  time  the  team  believed 
it  needed  to  keep  the  inspections  process 
moving  expeditiously. 

The  team  also  knew  that  even  before  vis¬ 
itors  are  issued  a  visa  to  come  to  the  United 
States,  the  State  Department  searches  a  fin¬ 


gerprint  database  of  suspected  and  known 
terrorists  and  felons.  All  the  US-Visit  team 
needed  to  do  was  make  a  one-to-one  match 
with  the  State  Department  database  of 
issued  visas,  people  known  to  have  passed 
the  initial  screening. 

Hastings  acknowledges  that  if  US-Visit 
had  had  the  time,  it  would  have  developed  a 
10-fingerprint  system  so  that  the  program 
could  more  easily  integrate  with  the  FBI  data¬ 
base.  In  July,  DHS  Secretary  Michael  Chertoff 
announced  that  US-Visit  would  begin  col¬ 
lecting  10  fingerprints  from  visitors  when 
they  enroll  in  the  program,  which  occurs 
before  the  State  Department  approves  an 
application  for  a  visa.  CBP  agents  will  con¬ 
tinue  to  use  two  fingerprints  to  match  against 
the  State  Department  database  to  verify  visi¬ 
tors’  identities  when  they  arrive  in  the  United 
States.  But  Hastings  says  if  biometric  tech¬ 
nology  improves,  CBP  agents  could  begin 
making  10-fingerprint  matches  in  the  future. 

Privacy  Iceberg 
Dead  Ahead 

Technological  challenges  aside,  Hastings  and 
Williams  knew  the  whole  program  could  be 
brought  down  if  they  failed  in  the  privacy  area. 
A  public  outcry  in  2003  killed  the  Total  Infor¬ 
mation  Awareness  system,  a  network  the 
Defense  Department  had  begun  working  on 
after  9/11  to  identify  possible  terrorist  activity 
by  sifting  through  Americans’  personal  infor¬ 
mation— e-mails,  telephone  records  and  credit 
card  transactions.  (See  “Poindexter  Comes  in 
from  the  Cold”  at  wzozo.cio.com/09010S.)  And 
Congress,  responding  to  public  pressure,  also 
delayed  the  Transportation  Security  Admin¬ 
istration’s  Computer  Assisted  Passenger  Pre¬ 
screening  System  II  (Capps  II),  which  would 
have  used  an  airline  passenger’s  name, 
address,  phone  number  and  date  of  birth  to 
retrieve  his  credit  and  banking  history  and 
conduct  a  criminal  background  check. 

Americans  were  clearly  on  guard  about 
their  personal  information.  But  would  for¬ 
eign  visitors  trust  the  U.S.  government  to 
protect  the  privacy  of  their  biographical  and 
biometric  data? 

Hastings  and  Williams  knew  they  had  to 
do  something  dramatic,  and  so  they  decided  to 


60 


SEPTEMBER  1,  2005  |  www.cio.com 


EMC2 

where  information  lives” 


MmH 


no  good  idea  unsaid 


no  good  idea  unshared 


EMC  DOCUMENTS  UNITES  YOUR  CONTENT  AND  YOUR  BUSINESS.  It’s  the  only  enterprise 
content  management  solution  proven  to  handle  everything  from  records  to  rich  media  with  one 
integrated  platform.  Helping  everyone  create,  deliver,  and  archive  content  effortlessly.  All  while 
I  enabling  compliance  and  reducing  costs  with  a  streamlined  process.  To  learn  how  to  share  your 

i  documentum  ideas,  visit  www.EMC.com/documentum.Or  call  1-800-607-9546. 


EMC.  EMC',  DoeumenUnn.  and  where  information  lives  are  registered  trademarks  of  EMC  Corporation.  ©  2005  EMC  Corporation-.  AM  rights  reserved. 


Homeland  Security 


give  international  travelers  the  same  pro¬ 
tections  granted  U.S.  citizens  under  the  Pri¬ 
vacy  Act.  The  act  permits  only  certain 
agencies  to  access  the  data  and  forbids  them 
from  sharing  it  with  other  agencies  without 
posting  public  notices.  Ari  Schwartz,  asso¬ 
ciate  director  of  the  Center  for  Democracy 
and  Technology,  a  privacy  advocacy  group, 
says  extending  Privacy  Act  protections  to 
international  travelers  was  a  decisive  move 
because  the  law  is  among  the  most  protec¬ 
tive  in  the  world.  Invoking  it  “helped  ease  a 
lot  of  concerns,”  he  says. 

However,  given  the  tight  deadline,  US- 
Visit  posted  its  privacy  policy  on  the  day 
the  first  deployment  became  operational, 
even  though  such  notices  are  supposed  to 
be  available  weeks  in  advance  of  a  system 
deployment  to  give  the  public  time  to  com¬ 
ment  and  the  agency  time  to  make  requested 
adjustments. 


The  total  number  of  people  arriving  in  the 
United  States  increased  12.7  percent  in  the 
first  quarter  of  2005  over  the  same  period 
the  previous  year,  according  to  monthly  sta¬ 
tistics  collected  by  the  Office  of  Travel  and 
Tourism  Industries. 

No  Exit 

US-Visit’s  reliance  on  existing  technology 
has  worked  for  the  entry  portion  of  the  sys¬ 
tem.  But  the  exit  portion  has  yet  to  progress 
past  the  pilot  stage.  That’s  because  there  is 
no  formal  process,  and  no  IT  system,  for 
tracking  when  a  foreign  visitor  leaves  the 
country.  DHS  estimates  that  as  many  as 
40  percent  of  all  illegal  immigrants  to  the 
United  States  arrive  here  carrying  a  legiti¬ 
mate  visa  but  end  up  overstaying. 

Congress  had  mandated  that  a  fully  func¬ 
tioning  entry-exit  system  be  in  operation  by 


who  declines  to  say  what  percentage  of  for¬ 
eign  travelers  to  the  United  States  use  it 
when  departing,  will  only  say  the  “compli¬ 
ance  rate  is  lower  than  we  would  like.” 

One  solution  US-Visit  is  considering  is 
based  on  the  ultimate  legacy  system— paper. 
Every  foreign  visitor  carrying  a  visa  has  to 
fill  out  an  1-94  form,  also  called  the  arrival- 
departure  record.  On  this  single  sheet,  visi¬ 
tors  must  disclose  how  long  they  plan  to  stay 
in  the  country,  the  purpose  of  their  visit  and 
their  temporary  address  in  the  United 
States.  The  form  is  affixed  to  their  passport, 
and  is  returned  to  an  airline  or  ship  repre¬ 
sentative  or  to  a  Canadian  or  Mexican  immi¬ 
gration  inspector  upon  departure.  While 
most  visitors  return  their  1-94  forms  when 
they  leave,  officials  have  no  record  of  depar¬ 
ture  for  some  20  percent  of  visitors  who 
enter  the  United  States  each  year.  To  better 
track  when  and  if  a  visitor  has  left  the  coun- 


Given  the  tight  deadline,  US-Visit  posted  its  privacy  policy  on  the  day  the  first  deployment  became 
operational,  even  though  such  notices  are  supposed  to  be  available  WEEKS  IN 
ADVANCE  .  That  didn’t  go  over  well. 


That  didn’t  go  over  well.  The  Brazilian  for¬ 
eign  minister  said  his  country  would  begin 
fingerprinting  and  photographing  U.S.  citi¬ 
zens  traveling  to  Brazil  if  the  United  States 
implemented  biometric  screening  of  Brazil¬ 
ian  citizens.  Japan  asked  the  United  States  to 
delete  Japanese  visitors’  fingerprints  and 
photos  once  travelers  have  left  the  United 
States.  And  China  demanded  that  the  United 
States  stop  fingerprinting  its  citizens,  call¬ 
ing  the  action  discriminatory  and  a  viola¬ 
tion  of  human  rights. 

But,  all  in  all,  the  outcry  has  been  rela¬ 
tively  muted,  and  the  screening  program 
seems  to  have  had  no  impact  on  tourism. 


WHAT  WOULD  YOU  DO? 


Every  critical  project  requires  compromises  in 
cost,  schedule  or  functionality.  How  do  you 
decide  which  trade-offs  are  the  right  ones?  Go 
to  this  story  online  and  ADD  A  COMMENT. 

cio.com 


each  of  the  stated  deadlines.  But  Hastings 
says  it  would  have  been  impossible  to  fully 
develop  the  exit  portion  of  the  system  given 
the  program’s  deadlines. 

To  figure  out  what  to  do,  US-Visit  has 
developed  a  pilot  project.  Since  last  summer, 
13  airports,  including  Chicago’s  O’Hare 
International  and  New  Jersey’s  Newark 
International,  and  one  seaport,  Miami’s 
International  Cruise  Line  Terminal,  have 
provided  checkout  kiosks  for  departing  for¬ 
eign  visitors.  Much  like  the  entry  system, 
the  exit  process  requires  that  a  visitor  swipe 
his  travel  documents  in  a  magnetic  reader 
in  the  kiosk,  place  his  index  fingers  on  the 
biometric  reader  and  have  a  photograph 
taken.  The  kiosk  sends  the  information  to 
the  US-Visit  database  to  verify  that  the  visa 
holder  and  the  individual’s  biometrics 
match.  A  receipt  is  printed  informing  the 
visitor  that  he  has  been  processed  for  depar¬ 
ture,  which  the  visitor  keeps  for  his  records. 
But  the  system  is  voluntary,  and  Hastings, 


try,  the  US-Visit  team  plans  to  test  the  idea  of 
embedding  RFID  tags  in  the  1-94  form.  (See 
“Tag,  You’re  Leaving”  on  Page  60.) 

Hastings  hopes  that  US-Visit  will  eventu¬ 
ally  enlist  the  help  of  the  airlines  in  checking 
identities  as  passengers  are  processed  for 
departure.  But  given  the  airline  industry’s 
financial  straits,  that  will  be  difficult  to  do.  In 
addition,  an  effective  exit  system  would 
require  new  international  passenger  and 
transportation  agreements  to  allow  domes¬ 
tic  and  foreign  airlines  to  exchange  infor¬ 
mation  with  foreign  governments. 

“This  is  an  area  in  which  there  is  not 
much  to  build  on,”  Hastings  says. 

The  US-Visit  program  has  its  work  cut 
out  for  it  for  the  foreseeable  future.  Hastings 
would  like  to  give  his  team  a  well-deserved 
breather.  But  they  have  another  deadline  to 
meet  in  less  than  four  months,  ram 


Washington  Bureau  Chief  Allan  Holmes  can  be  reached 
at  aholmes@cio.com. 


62 


SEPTEMBER  1,  2005  |  www.cio.com 


wm 


Fr:  on  edge  about  application  availability 


To:  on  top  of  it 


EMC? 

where  information  lives 


EMC 


EMC  FULLTIME  AUTOSTART  SOFTWARE  KEEPS  YOUR  APPLICATIONS  UP  AND  RUNNING. 

When  your  applications  aren’t  working,  your  business  isn’t  working.  Fulltime  AutoStart  software 
ensures  that  your  applications  and  data  are  always  available.  It  monitors  applications,  data,  and 
services,  and  provides  reliable  restart  or  failover  if  there  is  a  problem.  All  within  an  open,  flexible 
information  infrastructure  that’s  proven  to  work  in  the  most  demanding  situations.  So  you  can  make 
your  business  a  full-time  success.  To  learn  more,  visit  www.EMC.com/legato. 

EMC?  EMC,  Legato,  and  where  information  lives  are  registered  trademarks  of  EMC  Corporation.  ©  2004  EMC  Corporation.  All  rights  reserved. 


BACK 


W 


JPMorgan  Chase’s  decision  to  first  outsource 
IT  and  then  bring  it  back  in-house  stands  as 
a  cautionary  tale  for  any  CIO  considering  an 
outsourcing  megadeal  by  Stephanie  overby 


When  David  Rosario  got  the  official  notice  at  the  end  of  2002  that  his  job  would 

be  outsourced  to  IBM,  he  was  not  surprised.  Rumors  had  been  circulating  for  months  at  JPMorgan 


Reader  ROI 

::  The  cost  to  JPMorgan 
Chase’s  employees  from 
the  upheaval 

::  The  cost  to  the  company 
in  productivity  and 
morale 


Chase,  where  he  had  worked  as  a  network  engineer  since  2001,  that  the  company 
would  be  signing  away  much  of  IT  to  an  external  services  company. 

The  $5  billion  IBM-JPMorgan  contract  was  heralded  at  the  time  as  the  largest  out¬ 
sourcing  deal  on  record,  and  it  received  a  great  deal  of  publicity  in  the  mainstream 
and  trade  press  as  the  wave  of  the  future.  JPMorgan  itself  had  trumpeted  the  deal 
as  a  “groundbreaking”  partnership  that  would  cut  costs,  increase  innovation  and 
benefit  its  IT  workers. 

But  Rosario  and  other  employees  soon  discovered  that  they  would  have  to  rein¬ 
terview  at  IBM  for  their  positions.  During  that  process,  Rosario  was  told  that  his  job 


::  How  to  avoid  making 
costly  outsourcing  and 
backsourcing  mistakes 


at  IBM  would  be  secure  for  the  foreseeable  future.  Others,  however,  were  not  so 
lucky.  They  were  told  by  Big  Blue  that  their  jobs  would  likely  be  gone  within  a  year 
or  two.  As  a  result,  some  left  as  soon  as  they  could. 


64 


SEPTEMBER  1,  2005  |  www.cio.com 


ILLUSTRATIONS  BY  STEVE  ADAMS 


Outsourcing 


Rosario  stayed. 

But  his  sense  of  security  didn’t  last.  Rosario  watched  as  IBM 
cut  the  pay  of  most  of  the  consultants  working  for  the  bank  and 
then  eventually  let  many  of  them  go.  And  with  IBM’s  well- 
publicized  penchant  for  sending  work  offshore,  he  wondered 
if— as  a  full-time  employee— he  would  be  next. 

But  before  that  could  happen,  on  July  1,  2004,  JPMorgan 
completed  its  merger  with  Chicago-based  Bank  One,  which 
itself  had  canceled  a  well-publicized  outsourcing  deal  with  IBM 
and  AT&T  a  few  years  earlier.  Two  and  a  half  months  later,  the 
merged  company  announced  that  it  would  be  ending  its  much- 
touted  deal  with  IBM  early  and  “baeksourcing”  its  information 
technology,  bringing  it  back  in-house. 

However,  Rosario  wasn’t  sure  how  long  he  could  hold  on  to 
his  regained  position  at  JPMorgan.  He  knew  that  there  were 
now  Bank  One  employees  doing  the  same  work  he  was.  And 

sure  enough,  not  long  after  he 
began  working  for  JPMorgan 
again,  he  found  out  his  job  was  on 
the  list  of  12  positions  to  be  elimi¬ 
nated  in  his  department.  Lucky 
for  Rosario,  he  had  become  skilled 
at  reading  the  IT  tea  leaves,  and 
had  already  secured  a  job  for  him¬ 
self  in  another  area  of  the  com¬ 
pany  as  an  IT  architect.  But  not 
before  all  the  to-and-fro  took  its 
toll  on  him.  “I  lost  my  trust  in 
management  a  long  time  ago,”  he 
says.  ‘‘I  don’t  believe  anything 
they  say  or  do.  I  know  they’ll  put 
a  spin  on  anything,  as  long  as  it 
allows  them  to  keep  retention  up 
for  just  as  long  as  they  need  to.” 

Rosario  is  just  one  of  thousands 
of  employees  affected  by  JPMor- 
gan’s  decision  to  outsource  to  IBM 
and  its  subsequent  move  to  bring 
the  work  back  in-house.  And  he  is 
not  the  only  one  who  suffered  such 
whiplash.  In  interviews  with  a 
number  of  current  and  former 
employees,  CIO  repeatedly  heard  stories  of  diminished  morale 
and  decreased  productivity  over  the  past  several  years. 

But  the  bank’s  decisions  have  had  ramifications  even  bigger 
than  poor  morale  or  the  loss  of  employee  trust.  JPMorgan’s  deci¬ 
sion  to  bring  IT  back  in-house— though  applauded  by  most  indus¬ 
try  analysts,  IT  experts  and  even  employees  like  Rosario  as  the 
right  thing  to  do— has  been  a  costly  and  difficult  move,  according 
to  analysts  and  current  and  former  employees.  It  has  eaten  up 
years  of  management  time  and  attention  as  managers  prepared 
the  organization  for  the  outsourcing  and  then  reorganized  again 
to  bring  the  work  back  in-house.  A  number  of  IT  projects  were 


slowed  down  and  some  day-to-day  tasks  did  not  get  done,  caus¬ 
ing  a  lot  of  pent-up  demand  for  IT  services,  according  to  several 
employees.  In  sum,  JPMorgan’s  experience  stands  as  a  cau¬ 
tionary  tale  for  any  CIO  considering  a  multibillion-dollar  out¬ 
sourcing  deal. 

“Bringing  outsourced  work  back  in-house  can  cause  such 
disruption  to  an  organization  that  most  people  don’t  do  it,”  says 
Ralph  Schonenbach,  CEO  of  the  Trestle  Group,  an  outsourcing 
consultancy  based  in  Zurich,  Switzerland.  “It’s  a  very  difficult 
and  painful  change  for  an  organization  to  go  through.” 

For  their  part,  JPMorgan  officials  deny  any  such  struggle. 
“This  has  been  a  smooth  transition  because  the  same  people— 
the  IBM  employees  and  contractors  supporting  the  JPMorgan 
account— were  transferred  back  to  JPMorgan.  They  simply 
changed  employers,  not  jobs,”  says  JPMorgan  spokesperson 
Charlotte  Gilbert-Biro.  “In  addition,  Bank  One  executives  and 
managers  are  experienced  at  transitioning  technologists  back 
in-house.” 

Employee  FATIGUE 

On  Dec.  20,  2002,  JPMorgan  announced  its  seven-year  out¬ 
sourcing  arrangement  with  IBM— including  data  centers,  help 
desks,  distributed  computing,  and  data  and  voice  networks— 
with  great  fanfare.  “We  view  technology  as  a  key  competitive 
advantage,”  stated  Thomas  B.  Ketchum,  JPMorgan’s  vice  chair¬ 
man,  in  a  company  press  release.  “Our  agreement  with  IBM 
will  create  capacity  for  efficient  growth  and  accelerate  our  pace 
of  innovation  while  reducing  costs,  increasing  quality  and  pro¬ 
viding  exciting  career  opportunities  for  our  employees.” 

The  deal  would  help  JPMorgan  create  “significant  value” 
for  its  clients,  shareholders  and  employees,  Ketchum  prom¬ 
ised.  Less  than  a  year  into  the  relationship,  then-CIO  John 
Schmidlin  said  at  a  Gartner  outsourcing  summit  that  his  only 
regret  was  that  they  hadn’t  signed  the  deal  with  IBM  sooner. 

Fast-forward  to  Sept.  15,  2004,  when  JPMorgan  announced 
the  premature  end  of  the  contract  with  IBM  with  equal  flourish 
and  similar  promises.  In  another  company  press  release,  Austin 
Adams,  the  former  CIO  of  Bank  One  who  took  over  for  Schmidlin 
as  CIO  for  the  $1.1  trillion  merged  bank,  said,  “We  believe 
managing  our  own  technology  infrastructure  is  best  for  the  long¬ 
term  growth  and  success  of  our  company,  as  well  as  our  share¬ 
holders.  Our  new  capabilities  will  give  us  competitive  advantages, 
accelerate  innovation,  and  enable  us  to  become  more  stream¬ 
lined  and  efficient.”  (Adams,  who  also  presided  over  the  back- 
sourcing  of  Bank  One’s  deal  with  IBM  a  few  years  earlier,  declined 
to  be  interviewed  for  this  story.  Schmidlin  could  not  be  reached 
for  comment.) 

The  fact  that  JPMorgan  officials  gave  basically  the  same  rea¬ 
sons  for  the  retreat  from  the  mega-outsourcing  deal  that  they 
had  proffered  for  inking  the  deal  in  the  first  place  left  some 
employees  confused  and  resentful.  “Morale  was  not  high,”  says 
one  former  consultant  who  managed  server  support  at  JPMorgan 
and  was  let  go.  He  asked  not  to  be  named. 


JPMorgan  Chase  &  Co. 

JPMorgan  Chase  is  the 
second-largest  financial  serv¬ 
ices  firm  in  the  United  States. 
The  current  company  was 
created  on  completion  of 
the  merger  between  JPMorgan 
Chase  and  Bank  One  in 
July  2004. 

Revenue:  $56.9  billion 

Assets  under  management: 

$1.1  trillion 

Employees:  160,968 

Location:  Corporate  headquar¬ 
ters  in  New  York  City 

Lines  of  business:  Asset  and 
wealth  management,  card 
services,  commercial  banking, 
investment  banking,  retail 
financial  services,  treasury 
and  security  services 


66 


SEPTEMBER  1,  2005  |  www.cio.com 


Some  workers  had  been  hit  by  the  outsourcing  where 
it  hurt  even  more— in  their  paychecks.  Though  many 
employees  (such  as  Rosario)  saw  only  the  company 
name  on  their  paychecks  change,  others  (typi¬ 
cally  consultants)  took  significant  pay  cuts  by 
moving  to  IBM.  “The  five  people  in  my  group 
[all  consultants]— which  included  network, 
systems  and  database  administrators— were 
all  told  that  they  had  to  reapply  for  their 
jobs,”  says  Scott  Kirwin,  who  worked  as  an 
independent  consultant  for  JPMorgan  in 
New  York  from  July  2002  until  April  2003. 

“A  lot  of  them  did,  but  they  were  hired  at 
salaries  that  were  20  percent  less.” 

JPMorgan  declined  to  comment  on  any 
salary  reductions  or  layoffs  that  may  have 
occurred  during  the  outsourcing  and  back- 
sourcing.  However,  bank  officials  at  the  time 
said  that  approximately  4,000  people,  includ¬ 
ing  employees  and  contractors,  were  trans¬ 
ferred  to  IBM  during  the  initial  phase  of  the 
outsourcing.  According  to  the  bank’s  2003 
annual  report,  2,800  of  these  people  were  full¬ 
time  employees.  In  a  statement  announcing  it 
would  bring  IT  back  in-house,  JPMorgan  offi¬ 
cials  said  that  roughly  4,000  workers  would 
return  to  the  bank.  According  to  the  bank’s  2004 
annual  report,  3,100  of  those  people  were  full-time 
employees  and  800  were  contractors.  Some  of  the 
original  contractors  were  either  hired  as  employees 


The  back  and  forth  of  sourcing  at  JPMorgan  TOOK  ITS  TOLL  ON 
STAFF  MORALE  AND  PRODUCTIVITY,  according  to  a  number 
of  former  and  current  employees. 


by  IBM  at  lower  salaries  or  laid  off,  according  to  several  current 
and  former  JPMorgan  workers. 

Meanwhile,  productivity  at  JPMorgan  took  a  hit,  according 
to  several  former  and  current  employees.  “For  more  than  a 
year,  there  were  a  lot  of  people  not  getting  any  work  done.  They 
didn’t  know  where  they  were  going  to  be,  they  didn’t  want  to 
commit  to  projects,  and  they  started  slacking  off,”  says  a  former 
consultant  who  used  to  manage  server  support  for  JPMorgan. 
(He  has  since  gotten  another  full-time  IT  position  at  a  major 
company.)  Among  the  projects  not  getting  done  were  server 
migrations,  data  center  upgrades  and  network  patches.  “When 
people  aren’t  productive,  the  company  loses  money,”  he  says. 

During  the  backsourcing,  layoffs  also  occurred.  Some  were 
merger-related.  (When  Bank  One  made  its  own  backsourcing 


move  in  2002,  the  company  chose  not  to  invite  back  some  of  the 
employees  it  had  transferred  to  IBM,  taking  the  opportunity  to 
“upgrade  talent  where  appropriate,”  says  JPMorgan  spokes¬ 
woman  Gilbert-Biro.)  While  JPMorgan  says  more  than  97  per¬ 
cent  of  the  employees  and  contractors  accepted  their  offer  to 
return  to  the  bank  when  the  backsourcing  initially  took  place, 
Rosario  says  many  people  are  worried  they  will  no  longer  be 
needed  because  of  the  merger  with  Bank  One.  And  some  have 
already  lost  their  jobs.  “I’ve  seen  several  project  managers  and 
IT  middle  managers  let  go,”  he  says.  “And  I’ve  seen  some  peo¬ 
ple  who  have  the  option  leave  before  they  got  laid  off.  I  had 
options  here  in  the  bank,  and  I  exercised  those.” 

Analysts  confirm  that  there  have  been  layoffs  during  the 
backsourcing.  These  firings  “don’t  get  much  attention  because 


www.cio.com  |  SEPTEMBER  1.  2005 


67 


Outsourcing 


they  aren’t  nearly  the  size  of  the  4,000-person  workforce 
involved  in  the  megadeal  at  IBM,  but  layoffs  have  been  occur¬ 
ring,”  says  Susan  Cournoyer,  vice  president  of  research  with 
Gartner  Research. 

JPMorgan  has  announced  that  the  merger  will  result  in  a 
total  of  12,000  layoffs  by  2007.  The  bank,  however,  insists  that 
many  of  the  merger-related  job  eliminations  will  not  occur  in 
IT.  “The  vast  majority  of  job  reductions  are  in  call  centers,  oper¬ 
ating  centers  and  back-office  support,  and  do  not  affect  tech¬ 
nology,”  says  Gilbert-Biro. 

The  COST  of  Reorganization— Times  Two 

There  was  a  price  to  pay  at  JPMorgan— not  only  in  low  morale 
and  employee  turnover  during  the  back-and-forth  of  sourcing, 
but  also  in  the  reduced  well-being  of  the  IT  organization  and 


corporation  as  a  whole.  That  price  included  the  time  and 
expense  it  took  to  first  reorganize  the  company  to  support  an 
outsourcing  arrangement  and  then  to  reverse  those  changes  to 
prepare  for  a  backsourced  environment.  Kirwin  saw  the  dis¬ 
traction  it  caused  at  JPMorgan,  as  managers  and  staff  had  to 
work  on  things  such  as  documenting  and  presenting  informa¬ 
tion  required  for  the  outsourcing— describing  staffing  levels, 
current  skills,  budgets  and  work  assignments,  and  quantifying 
what  their  teams  did  on  a  day-to-day  basis— all  in  addition  to 
their  normal  duties.  This  kind  of  additional  work  lasted  from 
the  time  when  the  initial  plans  for  outsourcing  were  being  dis¬ 
cussed  all  the  way  through  the  period  after  the  outsourcer  was 
chosen,  and  continued  through  the  outsourcing  deal’s  duration. 

“The  minute  you  start  talking  about  outsourcing,  you  lose  pro¬ 
ductivity,  not  just  among  us  employees  but  managers  and  direc- 


BACKSOURCING  Best  Practices 


Backsourcing— that  is,  bringing  IT 
functions  back  in-house  after 
they’ve  been  outsourced— may 
be  the  right  move  to  make  for 
some  companies,  such  as  JPMorgan 
Chase.  But  it  isn’t  easy.  "There  isn’t  a  lot  of 
quantitative  data  out  there  on  how  to  do 
this  right,”  says  Jeff  Kaplan,  senior  con¬ 
sultant  with  the  Cutter  Consortium’s 
Sourcing  and  Vendor  Relationships  Advi¬ 
sory  Service  and  the  managing  director  of 
ThinkStrategies.  But  some  best  practices 
are  beginning  to  emerge. 

Ironically,  the  best  time  to  think  about 
backsourcing  an  IT  function  is  before  you 
outsource  it.  Smart  CIOs  make  sure  they 
have  a  sort  of  prenuptial  agreement  in 
their  outsourcing  contracts.  “Otherwise,  it 
becomes  very  messy,  just  like  a  bad 
divorce,  where  decisions  are  made  based 
on  pure  emotion  rather  than  in  a  rational 
way,”  Kaplan  says.  Such  provisions  clearly 
state  the  terms  by  which  the  company  can 
terminate  the  outsourcing  contract  and 
regain  control  of  their  operations  in  the 
event  that  outsourcing  fails. 

JPMorgan  likely  had  such  provisions  in 
its  contract  with  IBM,  Kaplan  says,  but 
still  had  to  pay  millions  to  end  the  con¬ 
tract  early.  Even  so,  a  “prenup”  does  help 


mitigate  some  of  the  risks  and  ensure  a 
smooth  transition  of  IT  functions  back  to 
the  enterprise,  he  says.  The  following 
steps  may  not  reduce  the  costs  of  bring¬ 
ing  a  big  outsourcing  deal  back  in-house, 
but  they  can  ensure  that  the  investment 
pays  off  in  the  long  run. 

1.  Notify  the  outsourcer  of  the 
initiation  of  the  backsourcing 
process.  This  may  be  necessary,  not 
only  to  comply  with  contractual  obliga¬ 
tions  but  also  to  help  foster  a  more 
cooperative  climate. 

2.  Perform  an  operations  audit 
and  needs  assessment,  in  the  best 

outsourcing  scenarios,  this  kind  of  docu¬ 
mentation  will  already  have  been  created 
on  a  regular  basis.  In  the  worst,  the  lack 
of  such  documentation  may  lead  to  a  fail¬ 
ure  to  meet  expectations. 

3.  Establish  a  backsourcing  plan 
and  Schedule.  Include  provisions  to 
ensure  that  the  outsourcer  returns  all 
enterprise-related  property,  continues  to 
support  the  company’s  staff  for  a  speci¬ 
fied  period  of  time,  provides  services  until 
the  company  can  reassume  full  control  of 


operations  and  maintains  satisfactory 
service  levels  during  the  transition. 

4.  Quickly  determine  staff  reas¬ 
signment  and  responsibilities,  it  s 

best  to  do  this  as  soon  as  possible  to  mini¬ 
mize  staff  uncertainty  and  related  produc¬ 
tivity  and  morale  issues. 

5.  Develop  security  policies  to 
protect  proprietary  information. 

Procedures  for  implementing  new  techni¬ 
cal  and  password  protections  should  be 
established  to  minimize  the  risk  associated 
with  disgruntled  employees  accessing  pro¬ 
tected  data  or  disrupting  IT  systems. 

6.  Make  business  continuity  part 
of  the  backsourcing  plan,  it’s 

important  to  include  disaster  recovery  pro¬ 
cedures  for  possible  business  disruptions 
duringthe  transition. 

7.  Communicate  the  backsourc¬ 
ing  plan,  goals  and  objectives  to 
the  enterprise  and  affected  third 
parties.  This  will  help  gain  the  support 
and  cooperation  of  internal  and  external 
customers,  partners,  vendors  and  share¬ 
holders  affected  by  the  change.  -S.O. 


68 


SEPTEMBER  1,  2005  |  www.cio.com 


MicroStrategy  is  #1  in 

Customer  Loyalty 

in  the  Business  Intelligence  Market 


In  a  recent  industry  survey  that  measured  customer  loyalty, 
MicroStrategy  outscored  all  of  the  competition. 


1  MicroStrategy 

2  Applix  TM1 

3  SAP  BW 

4  Microsoft  AS 

5  MISAlea 

6  Oracle  OLAP  Servers 

7  Business  Objects 

8  Hyperion  Essbase 

9  Oracle  Discoverer 
10  Cognos  PowerPlay 

60%  70%  80%  90% 

The  OLAP  Survey  4  measures  nearly  1 .000  customer  sites  and  is  the  largest  independent  survey  of  business  intelligence  (81)  products.  It  is  conducted  annually  by  Survey.com  and  industry  analyst,  Nigel  Pendse. 


.....  ..... 


VNflll 


mmisma 


Report.  Analyze.  Monitor. 


Today,  thousands  of  organizations  worldwide  depend 
on  MicroStrategy  to  report,  analyze,  and  monitor  their 
mission-critical  business  data.  According  to  independent 
surveys,  MicroStrategy  customers  access  the  largest 
databases,  have  the  largest  business  user  populations, 
and  report  higher  business  benefit  from  their  business 
intelligence  applications. 


MicroStrategy  has  been  hailed  by  industry  analysts  for  its 
uniquely  integrated  architecture,  its  user  and  data  seal- 
ability,  and  its  dramatic  ease  of  use.  It  gives  business  users 
integrated  dashboards,  reporting,  and  analysis  they  desire 
and  provides  IT  staff  an  easily  maintainable  industrial- 
strength  business  intelligence  platform  they  need. 


For  your  Free  Evaluation 
"1||»  Software,  visit  us  at 

www.microstrategy.com/CD 

y 


Outsourcing 


tors  who  have  to  set  aside  what  they’re  hired  to  do  to  talk  about  this 
significant  business  change,”  says  Kirwin.  “And  there’s  never  a 
dollar  figure  attached  to  that.”  If  there  were,  “they  might  not  sign 
these  deals  in  the  first  place,”  he  adds. 

Specifically,  you  have  to  bring  in  a  consultancy  to  help  you 
figure  out  your  outsourcing  strategy  and  how  to  reengineer 
your  processes  for  outsourcing.  And  then,  you  have  to  make  lots 
of  investments  in  HR  to  counsel  employees,  the  Trestle  Group’s 


That’s  why,  even  though  the  majority  of  outsourcing  deals 
are  less  than  satisfactory,  most  companies  try  to  work  things 
out  with  their  service  providers  rather  than  backsourcing. 
According  to  a  recent  study  by  Deloitte  Consulting,  70  per¬ 
cent  of  senior  executives  reported  significant  negative  experi¬ 
ences  with  outsourcing  projects,  but  only  25  percent  of 
respondents  brought  the  work  back  in-house.  “That  organiza¬ 
tional  disruption  is  what’s  kept  companies  from  backing  out  of 


WHEN  COMPANIES  BRING  I.T.  BACK  IN-HOUSE,  it  routinely 
costs  them  more  to  run  their  own  data  centers  and  help  desks 
than  it  would  to  continue  outsourcing  them— in  the  short  term 
at  least. 


Schonenbach  says.  You  also  have  to  spend  money  on  retention 
bonuses  to  keep  key  employees  around  during  the  transition. 

Then,  “if  you  decide  to  insource,  you  have  to  do  that  all 
over  again  in  reverse,  and  it  costs  you  twice  as  much,”  he  adds. 
“These  deals  take  a  long  time  to  pay  off  for  both  the  customer 
and  the  outsourcer.  So  when  you  end  it  early,  you’re  losing  a  lot 
of  money.” 

JPMorgan  won’t  say  how  much  the  divorce  cost  them,  and 
IBM  isn’t  talking  either.  But  a  number  of  analysts  say  that 
because  the  bank  ended  the  contract  prematurely— just  21 
months  into  its  seven-year  contract— it  paid  a  substantial  price. 

To  terminate  a  contract  of  that  size  that  early  into  the  deal, 
JPMorgan  likely  had  to  pay  IBM  millions  of  dollars,  says 
Christopher  Ford,  a  partner  at  the  law  firm  Alston  &  Bird  in 
Washington,  D.C.,  who  recently  led  a  team  of  lawyers  on  ING 
Insurance  Americas’  $600  million  IBM  outsourcing  deal. 
Cournoyer  agrees  that  a  “low-end  estimate”  for  the  final  penalty 
would  be  in  the  multimillions  of  dollars. 

When  companies  bring  IT  back  in-house,  it  routinely  costs 
them  more— in  the  short  term  at  least— to  run  their  own  data 
centers,  help  desks,  distributed  computing,  and  data  and  voice 
networks  than  it  does  to  continue  outsourcing  them,  according 
to  Jeff  Kaplan,  senior  consultant  with  the  Cutter  Consortium’s 
Sourcing  and  Vendor  Relationships  Advisory  Service  and  the 
managing  director  of  ThinkStrategies.  Clearly,  JPMorgan  will 
be  taking  advantage  of  the  $1  billion  that  Bank  One  invested  in 
its  own  data  centers  and  IT  infrastructure  over  the  past  few 
years.  But  it  must  now  reestablish  all  of  its  own  systems,  staffs 
and  operating  procedures,  and  “realign  them  with  the  busi¬ 
ness  so  that  they  fit  with  the  corporate  structure  and  strate¬ 
gies,”  Kaplan  says. 

Employees  confirm  there  is  a  big  readjustment  going  on 
inside  the  bank.  “In  some  cases,  responsibilities  are  getting 
greatly  redefined,  sometimes  completely  reversing  the  way 
things  had  been  done,”  Rosario  says. 


outsourcing  relationships,”  Ford  says. 

JPMorgan  officials,  however,  say  the  disruption  was  minimal. 
“We  were  only  21  months  into  the  contract  with  IBM,  and  JPMor¬ 
gan  hadn’t  yet  moved  the  bulk  of  the  work  to  IBM’s  data  cen¬ 
ters,”  says  Gilbert-Biro. 

The  Price  of  STAGNATION 

In  recent  years,  IBM  has  made  a  successful  push  toward  sign¬ 
ing  more  mega-outsourcing  deals.  For  the  past  three  years,  in 
fact,  its  IT  services  business  has  accounted  for  nearly  half  the 
company’s  total  revenue,  growing  from  $36.3  billion  in  2002  to 
$46.2  billion  in  2004.  In  its  2004  annual  report,  IBM  noted 
that  its  IBM  Global  Services  unit  earns  more  than  twice  the 
annual  revenue  of  its  closest  rival.  In  fact,  around  the  same 
time  that  JPMorgan  signed  its  deal  with  IBM,  IBM  also 
signed  several  multibillion-dollar  contracts  (five  worth  over 
$1  billion  in  2002  and  seven  in  2003)  with  major  companies— 
including  American  Express  ($4  billion  in  2002),  Deutsche 
Bank  ($2.5  billion  in  2002)  and  Michelin  ($1.21  billion  in 
2003)— that  have  not  been  canceled. 

However,  in  the  past  year,  the  outsourcing  contracts  IBM 
has  signed  have  been  smaller  and  shorter  in  duration.  Experts 
such  as  Schonenbach  and  Dane  Anderson,  program  director 
for  Meta  Group,  say  this  is  largely  because  megadeals  are  not 
that  profitable  for  the  vendor,  particularly  in  the  short  term.  As 
a  result,  some  outsourcers  try  to  make  money  by  charging  cus¬ 
tomers  for  services  they  consider  outside  the  contract,  experts 
say.  And  if  the  customer  resists  paying  for  these  extra  but  often 
necessary  improvements,  it  can  have  a  deleterious  impact  on  IT. 
And  indeed,  a  number  of  employees  who  worked  on  both  the 
Bank  One  and  JPMorgan  outsourcing  deals  say  they  were  bad 
for  the  banks  in  terms  of  IT  innovation  and  efficiency. 

In  the  Bank  One  deal,  “outsourcing  the  entire  IT  staff  stag¬ 
nated  us,  from  a  technology  viewpoint,”  says  the  JPMorgan  sys¬ 
tems  engineer  who  survived  the  outsourcing— and  then 


70 


SEPTEMBER  1,  2005  |  www.cio.com 


YOUR  JOB  IS  TO  KEEP  SYSTEMS  AND  APPLICATIONS  RUNNING. 
OUR  MISSION  IS  TO  KEEP  PEOPLE  AND  INFORMATION  CONNECTED. 

LET’S  WORK  TOGETHER. 


Continuous  access  to  information  no  matter  what.  That’s  Information 
Availability.  It's  what  your  employees,  suppliers  and  customers 
demand  every  minute  of  every  day.  But  to  deliver  it  flawlessly,  you 
need  a  massive  global  infrastructure,  redundant  systems  and  diverse 
networks  being  monitored  and  supported  by  skilled  technical  experts 
at  secure  facilities.  That's  exactly  what  SunGard  provides. 

As  a  result,  we  can  offer  you  a  higher  level  of  availability  and  save 
your  company,  on  average,  25%*  versus  building  the  infrastructure 
yourself.  Plus,  it’s  a  vendor  neutral  solution  that  lets  you  control  your 
data,  applications  and  network  while  giving  you  the  flexibility  to 
adjust  to  the  changing  needs  of  your  business.  But  best  of  all,  it  lets 
you  spend  more  time  solving  business  problems  and  less  time  solving 
technical  problems. 


For  years,  companies  around  the  world  have  turned  to  SunGard 
to  restore  their  systems  when  something  went  wrong.  So,  it’s  not 
surprising  that  they're  now  turning  to  us  to  mitigate  risk  and  make 
sure  they  never  go  down  in  the  first  place. 

You  want  your  network  and  systems  to  always  be  up  and  running. 
We  want  the  same  thing.  Let’s  get  together.  To  learn  more,  visit 
www.availability.sungard.com  or  call  1-800-468-7483. 

SUNGARD* 

Availability  Services 

’Potential  savings  based  on  IDC  White  Paper,  Ensuring  Information  Availability:  Aligning  Customer 
Needs  with  an  Optimal  Investment  Strategy. 


Keeping  People 
and  Information 
Connected. 


Outsourcing 


JPMORGAN’S  DECISION  TO  BACKSOURCE  has  slowed  down 
a  number  of  projects,  causing  pent-up  demand  for  IT  services, 
according  to  several  employees. 


backsourcing— at  Bank  One.  “Once  they  signed  the  contract,  we 
didn’t  move  at  all  beyond  that  date  as  far  as  picking  up  new  tech¬ 
nologies  that  would  give  us  a  competitive  advantage.  Technology 
was  not  refreshed,  and  new  projects  were  not  rolled  out.” 

The  problem  was  with  the  way  things  did— or,  more  accu¬ 
rately,  didn’t— get  done.  “The  contract  between  Bank  One  and 
IBM  had  enough  vagueness  within  it  that  IBM  could  charge 
for  anything  that  wasn’t  already  being  done  within  the  bank 
before  the  deal  began,”  he  says.  “Our  IBM  managers  said  if 
something  wasn’t  stated  specifically  in  the  contract— a  par¬ 
ticular  task  or  a  type  of  support— they  wouldn’t  have  us  do  it 
unless  the  bank  paid  them  more.  So  a  lot  of  things  didn’t 
get  done.” 

For  example,  every  time  Bank  One  needed  him  to  add  or 
remove  a  user  because  of  a  new  hire  or  fire,  he  and  his  team  of  50 
had  to  go  onto  all  1,500  servers  to  add  or  remove  that  person. 
There  was  a  Tivoli  module  that  could  have  been  added  to  help 
manage  user  accounts  more  efficiently,  and  he  notified  his  IBM 
manager.  “If  you  can  find  a  way  to  make  the  bank  pay  for  it,  then 
we’ll  do  it,”  he  was  told.  The  module  was  never  added.  Another 
Bank  One  systems  administrator  who  was  hired  on  by  IBM  says 
he  also  saw  several  examples  in  which  IBM  declined  to  imple¬ 
ment  additional  improvements  because  Bank  One  would  not 
pay  for  them. 

The  same  thing  happened  with  JPMorgan  during  its  time 
with  IBM,  say  several  employees  involved  in  that  outsourcing 
deal.  According  to  the  former  consultant  who  worked  for  the 
bank  in  New  York  before  and  after  the  outsourcing  relation¬ 
ship,  “IBM  caused  tremendous  headaches  for  JPMorgan  and 
the  company’s  infrastructure,  nickel-and-diming  to  control  their 
own  costs.” 

Others  saw  the  same  things  at  other  IT  locations.  During  the 
21  months  when  IBM  was  in  charge,  “Things  that  used 

to  get  done  no  longer  got 
done,”  says  a  database 
administrator  who  was 
hired  by  IBM  from  JPMor¬ 
gan  in  Columbus,  Ohio. 

In  fact,  it  seemed  that 
even  ordinary  office  prod¬ 
ucts  were  hard  to  procure 
in  a  timely  manner.  “Even 
office  supplies  had  to  be  approved  two  levels  above  my  boss,” 
Rosario  says.  “[IBM]  even  delayed  getting  batteries  for  our 
pagers,  and  some  project  managers  had  to  go  and  buy  their 
own  reams  of  paper  at  Staples.”  Rosario  adds  that  during  the 


last  six  months  of  the  JPMorgan  outsourcing  deal,  IBM  halted 
all  projects.  An  IBM  spokesman  declined  to  comment,  citing 
contractual  obligations. 

Once  the  work  was  backsourced,  even  the  JPMorgan  systems 
engineer— who  knew  what  to  expect,  having  gone  through  the 
same  thing  at  Bank  One— was  amazed  by  the  projects  that  had 
sat  idle  during  the  outsourcing.  “What  I’m  seeing  now  is  a  whole 
lot  of  pent-up  project  demand,”  he  says.  “Now  that  it’s  all 
insourced,  we’re  pushing  straight  ahead,  and  it’s  really  keeping 
us  busy.” 

However,  the  procedures  put  in  place  to  deal  with  an  out¬ 
sourced  environment  continue  to  slow  work  down,  according  to 
two  JPMorgan  employees.  During  the  outsourcing,  all  connec¬ 
tivity  and  possible  combinations  of  hardware  and  software 
were  tested  in  a  lab  environment  before  JPMorgan  told  IBM 
what  it  could  install  and  how  to  do  it.  “They  wanted  to  make 
sure  the  vendor  would  put  things  in  the  right  way  and  always 
use  best  practices,”  says  the  systems  engineer.  “They  have  cer¬ 
tification  labs  to  test  things  to  the  nth  degree,  which  on  the  sur¬ 
face  sounds  good.  But  [because  of  the  testing  backlog],  they’ve 
got  equipment  out  there  that’s  six  or  seven  years  old  and 
hasn’t  been  upgraded.  It’s  really  slowing  us  down.”  JPMorgan 
confirmed  that  it  continues  to  rely  on  the  certification  processes. 

More  OUTSOURCING  Ahead? 

Despite  JPMorgan’s  insistence  on  the  value  of  backsourcing,  some 
analysts  speculate  that  the  bank  plans  to  do  more  offshore  out¬ 
sourcing  in  the  future.  The  bank  already  has  a  captive  offshore 
center  in  Mumbai,  India,  that  performs  business  process  func¬ 
tions,  such  as  accounting  and  call  center  work.  It  will  have  3,000 
employees  by  the  end  of  2005,  according  to  CIO  Adams.  And 
JPMorgan  has  already  done  some  IT  work  with  Cognizant, 
Infosys,  mPhasis  and  Wipro— though  over  the  past  several  years, 
both  the  bank  and  its  offshore  partners  have  been  mum  on  their 
current  and  future  projects.  However,  Gartner’s  Cournoyer  pre¬ 
dicts  there  will  be  more  going  offshore.  “They  seem  to  be  replac¬ 
ing  one  big  megadeal  with  a  more  diverse  multisourcing  strategy 
that  includes  offshore,”  says  Cournoyer. 

Even  so,  experts  don’t  expect  that  JPMorgan  will  announce  a 
big  offshore  outsourcing  deal  with  the  fanfare  that  accompa¬ 
nied  its  IBM  arrangement.  “No  big  financial  services  company 
is  going  to  say,  We  just  ended  our  $5  billion  deal  with  IBM,  and 
we’re  sending  most  of  the  work  in  piece  parts  to  India,” 
Cournoyer  says.  HE] 


Senior  Editor  Stephanie  Overby  can  be  reached  at  soverby@cio.com. 


Share  Your  Knowledge 


JPMorgan  Chase  ran  into  some  roadblocks  in 
bringing  IT  back  in-house  from  an  outsourc¬ 
ing  deal.  How  would  you  have  done  it?  ADD 
A  COMMENT  atthe  online  version  of  this 
story.  Find  the  link  at  www.cio.com/090105. 

cio.com 


72 


SEPTEMBER  1,  2005  |  www.cio.com 


CIO LEADERSHIP 


Travel  the  path 
to  leadership  with  CIOs 
who  have  been  there... 


Targeted  essays  on  how  to  be  a  better  IT  leader. 

•  Essential  skills  and  career  planning 

•  Strategic  planning  and  alignment 

•  Staff  management 

•  Influence  and  negotiation 

•  Executive  relations  and  politics...  and  more 

Drawn  from  the  real-world  experience  of  veteran 
CIO  columnists: 

•  Patricia  Wallington,  Former  CIO  of  Xerox 

•  Jerry  Gregoire,  Retired  CIO  of  Dell  Computer 

•  Susan  Cramm,  Executive  Coach,  Former  CIO  of 
Taco  Bell 

•  Christopher  Hoenig,  Managing  Director  of 
Strategic  Issues  for  the  U.S.  Government 
Accountability  Office 


THE  ESSENTIAL 


Leadership  Strategies  for  Personal 
and  Professional  Success 


Targeted  essays  from  CIO  magazine 

Edited  by  Richard  Pastore 
and  Edward  Prewitt 


Now  available  in  hardcover  at 

The  CIO  Store 


The  Resource 
for  Information 
Executives 


FOR  EXECUTIVE  DECISION-SUPPORT  TOOLS,  VISIT  THE  CIO  STORE-THE  CIO’S  KNOWLEDGE  MARKETPLACE. 

www.TheCIOStore.com 


View  from  the  Top 


Zurich  North  America 
Small  Business 


Headquarters:  Schaumburg,  III. 
Industry:  Commercial  property  and 
casualty  insurance 
IT  Executive:  Tom  Peach, 
senior  vice  president  for  IT 


Zurich  North  America  Small  Business 

CEO  Ray  Thomas  believes  in  using  IT  to  drive  the 
insurance  company’s  goals  of  reducing  transaction 
costs  and  growing  its  stable  of  insurance  agents 


BY  ELANA  VARON 


In  the  insurance  business,  a  healthy  balance  sheet  depends  on 
keeping  independent  agents  happy  and  making  sure  customers 
get  fast,  convenient  service.  And  so,  in  the  past  decade,  major 
insurance  companies  have  embraced  the  Internet  as  a  way  to 
cut  bureaucracy  By  Web-enabling  the  systems  that  compute 
premiums  and  process  claims,  insurers  can  reduce  costs,  sell 
more  policies  and  resolve  claims  more  quickly  This  trend  has 
brought  IT  from  the  back  room  to  the  front  office. 

Zurich  North  America  Small  Business  is  no  different.  The  com¬ 
mercial  property  and  casualty  organization  is  a  business  unit 
of  Zurich  North  America,  which  itself  is  part  of  Zurich  Financial 
Services.  The  small  business  group  deployed  a  Web-based  under¬ 
writing  system  in  1999  that  has  helped  the  company  triple  its 

74 


annual  revenue  (see  “Real  Businessman 
Play  with  Dolls,”  Feb.  15).  More  recently,  IT 
investments  have  helped  the  company  with 
its  goal  of  improving  its  competitive  posi¬ 
tion  in  the  automobile  insurance  market. 

CEO  Ray  Thomas  has  driven  IT  invest¬ 
ments  at  Zurich  because  he  recognizes  that 
IT  is  essential  to  the  company  achieving  its 
strategic  goals  of  expanding  its  market  share 
and  increasing  the  number  of  agents  who  sell 
its  policies.  But  Thomas  doesn’t  simply  hand 
a  blank  check  to  the  IT  group.  He  pushes  his 
direct  reports  and  his  IT  team  to  work 
together  to  jettison  projects  that  aren’t  meet¬ 
ing  deadlines  and  won’t  yield  big  payoffs.  His 
philosophy:  Late  deployments  mean  missed 
opportunities  to  generate  profits. 

But  it  takes  more  than  a  mutual  devotion 
to  making  the  numbers  to  ensure  eollabora- 


SEPTEMBER  1.  2005  |  www.cio.com 


PHOTOGRAPHY  BY  STEVEN  VOTE 


Zurich  North  America 

Small  Business  CEO  Ray 

Thomas  expects  IT  to 

::  Meet  deadlines 

::  Reduce  the  cost  of  issuing 
policies  and  conducting 
transactions 

::  Help  to  attract  and  retain 
independent  agents  and 
customers 


Zurich  North  America  Small 


Business  CEO  Ray  Thomas 
says  he  expects  the  CIO 
to  be  able  to  “manage  his 
intellectual  capital  in  a  way 


that  we're  getting  what  we 
need  to  serve  our  projects. 
Don't  underestimate  the 
challenge  of  that  for  him." 


' -  ,v:  • . 

;  i  '? 

:  ,:m  ■ 

■#km : 


really  understands  the  importance  of  reinforcement, 
of  communication,  of  a  pat  on  the  back." 

-ZURICH  NORTH  AMERICA  SMALL  BUSINESS  CEO  RAY  THOMAS 


tion  between  business  leaders  and  IT. 
Thomas  says  employees  need  to  feel  good 
about  their  jobs  too.  He  devotes  significant 
energy  to  keeping  up  morale  by  making  sure 
IT  workers  know  the  results  of  their  work 
and  by  letting  them  know  when  they’ve 
done  a  good  job.  On  the  day  Thomas  talked 
with  CIO  Senior  Editor  Elana  Varon,  he 
attended  a  luncheon  for  60  IT  employees 
who  were  celebrating  the  rollout  of  a  big 
project.  “I  don’t  think  American  business 
really  understands  the  importance  of  rein¬ 
forcement,  of  communication,  of  a  pat  on  the 
back,”  he  says. 

Zurich  Financial  Services  recently 
outsourced  application  development  and 
maintenance  for  all  of  its  business  units 
worldwide— a  move  designed  to  cut  costs  and 
provide  labor  flexibility.  As  a  result,  many 
former  IT  staff  members  are  now  on  the  out¬ 
sourcer’s  payroll.  Thomas  says  he’s  watch¬ 
ing  carefully  to  ensure  these  workers  are 


treated  as  members  of  the  team,  lest  the  com¬ 
pany’s  collaborative  ethos  be  placed  at  risk. 

Thomas  shares  his  secrets  of  successful 
IT  projects,  how  he  makes  investment  deci¬ 
sions  and  his  wariness  about  outsourcing. 

CIO:  You  like  to  joke  that  the  typical  CEO-CIO  rela¬ 
tionship  is  like  the  scene  from  the  film  Jerry  Maguire, 
where  Cuba  Gooding  Jr.,  as  the  football  player,  shouts, 
“Show  me  the  money!”  You  say  your  relationship  with 
IT  is  more  collaborative.  What  makes  it  that  way? 
Ray  Thomas:  We’re  constantly  refresh¬ 
ing  our  priorities  with  each  other.  We  meet 
every  quarter  in  an  executive  decision  group, 
where  we  probably  have  40,  50  of  us— the 
leadership  of  the  IT  organization  mixed  with 
middle  and  senior  managers  from  product 
underwriting,  marketing  and  sales.  Tom 
Peach,  senior  vice  president  for  IT,  who  has 
responsibility  for  our  platform,  leads  it,  and 
David  Saul  [formerly  the  CIO  of  Zurich 
North  America,  now  head  of  Global  IT 


Architecture  and  Strategy]  on  occasion  will 
come  in.  We  go  through  every  major  open 
project  to  determine  what  stays  and  what 
goes.  That  helps  create  some  glue  in  the  rela¬ 
tionship  because  it  helps  them  understand 
that  we’re  willing  to  throw  some  things  over¬ 
board  that  aren’t  going  to  give  us  the  biggest 
bang  for  the  buck. 

I’ve  worked  for  three  different  insurance 
companies,  and  I  think  that  for  the  most  part, 
when  IT  fulfills  a  spec  it’s  almost  like  how 
McKinsey  works.  IT  is  great  at  doing  the 
diagnostics,  at  laying  out  the  recommenda¬ 
tions  and  quantifying  empirically  all  the 
things  that  go  with  that.  [Then]  they’re  on  to 
something  else  and  nobody  cares  to  show 
them  what  the  actual  result  was.  We  try 
aggressively  to  plug  all  of  the  IT  people  into 
what  their  work  has  done  to  our  bottom  line. 

You  recently  deployed  a  new  system  for  pricing 
commercial  auto  insurance  policies.  What  role 


76 


SEPTEMBER  1,  2005  |  www.cio.com 


CIOs 

RELY 

ON 

THEM 


CFOs 

INSIST 

ON 

THEM 


If  there’s  one  thing  CIOs  and  CFOs  can  agree  on,  it’s  Fujitsu  PRIMERQY®  servers . 


PRIMERGY  BX600 
Blade  Server 


Featuring  the  proven  reliability 
of  Intel®  Xeon™  processors,  PRIMERGY 
blade,  rack  and  tower  servers  give  CIOs  the 
power  to  drive  complex,  business-critical 
enterprise  applications  based  on  Linux  and 
Windows®  operating  systems. 
PRIMERGY  servers  also  provide 
a  low  total  cost  of  ownership  (TCO), 
delivering  the  reliability, 


PRIMERGY  RX600 
Rack  Server 


PRIMERGY  TX300 
Tower  Server 


serviceability,  and  manageability  CFOs 
demand. To  help  maintain  high  performance 
and  low  TCO,  Fujitsu  features  Cool-Safe™ 
cooling  technology.  Developed  with  aviation 
simulation  techniques,  this  innovative,  new 
approach  to  thermal  management  optimizes 
processor  airflow  to  keep  PRIMERGY 
servers  running  at  peak  performance  in 
real-world  IT  environments. 


For  more  information  on  the  complete  line  of  PRIMERGY  servers 
and  how  Fujitsu  PRIMERGY  servers  can  bring  CIOs  and  CFOs  together,  visit 

us.fujitsu.com/computers/PRIMERGY  or  call  1-800-83  1-3 1 83. 


©  Fujitsu  Computer  Systems  Corporation.  All  rights  reserved.  Fujitsu  and  the  Fujitsu  logo  are  registered  trademarks  of  Fujitsu  Limited  in  the  United  States  and  other  countries  PRJMLRGY  is  a  registered  trad 
of  Fujitsu  Siemens  Computers  GmbH  in  the  United  States  and  other  countries.  Intel.  Intel  logo.  Intel  Inside.  Intel  Inside  logo,  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corpc'-atic 

United  States  and  other  countr.es.  Windows  ;s  a  registered  trademark  of  Microsoft  Corporation. 


nark,  and  O 


53fe  t 


View  from  the  Top 


^  I  can  be  very  difficult  if  something 

gOGS  off  track ...  but  I  think  most  of  our  consequences  have 

more  to  do  with  peer  pressure,  with  not  letting  each  other  down/' 

-CEO  RAY  THOMAS 


does  this  system  play  in  helping  you  make  money? 

We  have  two  things  that  we  focus  on  as  top 
priorities  right  now.  One  is  [agent]  retention— 
I  feel  like  we’re  in  a  pretty  good  spot  there. 
We  let  ourselves  slump  a  little  bit  in  terms  of 
the  sophistication  of  our  rating  engine  [which 
is  a  system  for  pricing  insurance  policies]  for 
the  commercial  automobile  line  of  business. 
So  we  made  a  decision  about  two  years  ago 
that  it  was  critical  to  reengineer  the  whole 
architecture  so  that  we  could  compete  effec¬ 
tively  against  Progressive.  All  they  do  is  auto¬ 
mobiles.  We  felt  that  the  quid  pro  quo  over  the 
next  10  years  is  huge,  in  terms  of  the  payback, 
if  we  can  get  this  thing  right. 

What  metrics  do  you  use  to  measure  whether 
you’re  getting  value  out  of  your  IT  investments? 

Productivity  per  employee  is  probably  the 
most  critical  thing,  but  many  other  things 
enter  into  it  too.  When  you  look  at  a  tradi¬ 
tional  paper  transaction,  you’re  looking  at 
the  cost  of  about  $33  per  transaction.  Where 
you  have  some  form  of  technology  helping 
you  through  a  service  center,  it  drops  closer 
to  $18  or  $19.  When  you  operate  in  an  Inter¬ 
net  self-service  environment,  you’d  see  that 
cost  drop  to  about  $1.17. 

You  claim  to  have  an  88  percent  success  rate  for  IT 
projects.  How  do  you  define  success?  And  how  do 
you  achieve  it? 

Success  is  delivering  on  time  and  deliver¬ 
ing  a  quality  product  that  meets  the  origi¬ 
nal  specifications  within  15  percent  or  20 
percent.  On  any  launch,  you’re  going  to 
have  some  things  that  you  change  in  your 
first  90  days.  But  we  try  our  best  to  make 
sure  our  quality  control  is  aggressive  and 
effective  on  the  front  end.  With  the  Inter¬ 
net,  it’s  so  easy  to  get  a  launch  out  there, 
and  if  you  haven’t  paid  attention  to  dotting 
your  i’s  and  crossing  your  t’s,  you’re  going 
to  wind  up  really  paying  the  piper  in  the 
marketplace. 


We’re  also  diligent  about  making  sure  we 
prioritize  our  projects  based  on  our  key  suc¬ 
cess  factors  on  the  business-unit  side  of 
things.  And  then  we’re  very  good  listeners 
when  Dave  [Saul]  or  Tom  [Peach]  come  to  us 
and  say,  “You  know  what?  We’re  not  going  to 
be  able  to  meet  these  specifications  and 
requirements  if  we  continue  to  do  this,  this 
and  this.”  There’s  strong  collaboration 
involved. 

I  can  be  very  difficult  if  something  goes 
off  track.  There’s  got  to  be  a  sense  of  conse¬ 
quences  if  things  don’t  go  the  way  you  want 
them  to  go.  There  are  consequences  of  fir¬ 
ing  people,  but  I  think  most  of  our  conse¬ 
quences  have  more  to  do  with  peer  pressure, 
with  not  letting  each  other  down.  That  is,  of 
course,  the  highest  level  of  relationship. 

You  compete  for  IT  resources  with  Zurich  North 
America’s  other  business  units  because  IT  is  man¬ 
aged  centrally.  What  do  you  expect  CIO  Dave  Saul  to 
do  to  meet  your  needs? 

The  piece  that  is  incredibly  important  to 
him  is  being  able  to  manage  his  intellectual 
capital  in  a  way  that  we’re  getting  what  we 
need  to  serve  our  projects.  Don’t  underesti¬ 
mate  the  challenge  of  that  for  him;  it’s  bal¬ 
ancing  many  balls  in  the  air  at  once. 

But  we  have  to  jointly  create  the  neces¬ 
sary  communication.  What’s  the  governance 
to  make  sure  all  this  happens?  We  have 
an  array  of  different  processes.  Everything 
in  IT  is  matrixed  to  the  CEOs  [of  the  busi¬ 
ness  units],  and  our  job  is  to  compete  for  the 
most  capital  through  a  steering  committee, 
where  we  make  our  cases  relative  to  our 
cost-benefit  analysis. 

How  do  you  make  choices  at  the  business-unit  level 
about  which  new  technology  investments  to  fund? 

I  have  10  direct  reports.  It  is  so  hard  for  all  of 
them  to  sit  around  the  room  with  me  and 
for  us  to  look  at  our  projects  and  say,  “OK, 
this  is  Christmas  morning,  you’re  only 


allowed  two  or  three  gifts.  If  you  had  to  pick 
three,  what  would  they  be?”  We  might  wind 
up  with  four  projects,  but  we’re  certainly  not 
going  to  wind  up  with  10. 

You  go  through  this  exercise  of  prioritiza¬ 
tion,  and  you  really  force  their  hand  because 
you  have  only  so  much  capital  to  spend.  They 
want  a  little  bit  of  everything,  not  three  things 
that  are  really  going  to  make  them  win. 

Tom  and  one  or  two  of  his  staff  need  to  be 
at  a  high  level  because  you  don’t  want  to 
wind  up  getting  emotions  involved.  With¬ 
out  question  what  the  IT  people  want  is  for 
people  to  narrow  the  scope  of  the  things  that 
they’re  doing  to  get  the  greatest  returns. 

Now  that  your  parent  company  has  outsourced  appli¬ 
cations  development  and  maintenance,  the  pro¬ 
grammers  who  worked  on  your  projects  now  work  for 
Computer  Sciences.  What  concerns  do  you  have 
about  whether  outsourcing  will  succeed? 

Number  one  would  be  turnover.  If  I  saw  sig¬ 
nificant  turnover  in  the  outsourced  facility, 
I  would  be  very  concerned.  Number  two 
would  be  the  morale  of  the  IT  staff  [that]  is 
still  here  at  Zurich  managing  the  out¬ 
sourcers.  Obviously,  it’s  incredibly  impor¬ 
tant  that  they,  as  the  leaders  of  this  process, 
feel  good  about  their  ability  to  manage  it. 
And  then  the  third  piece,  which  is  the  real 
rubber  hitting  the  road,  is  how  my  success 
ratios  are  going  on  my  projects. 

We’ve  got  to  do  everything  we  can  to  make 
sure  we  secure  the  outsourced  staff’s  contri¬ 
bution  to  us  and  make  sure  they  still  feel  like 
they’re  part  of  our  team.  That  is  a  challenge 
for  all  of  the  managers  in  IT  now— to  try  to 
create  an  environment  that  allows  them  to 
continue  to  form  relationships  that  make 
them  feel  like  they're  part  of  this  team.  You 
can’t  underestimate  people’s  view  of  getting 
a  paycheck  from  a  different  employer.  EH 


Senior  Editor  Elana  Varon  can  be  reached  at 
evaron@cio.com. 


78 


SEPTEMBER  1,  2005  |  www.cio.com 


PREEMPTIVE  SECURITY  IS  HERE: 


www.iss.net 


WITH  PREEMPTIVE  PROTECTION. 


Proventia  ESP  (Enterprise  Security  Platform)  from  ISS  stops  Internet  threats  before  they  impact  your  business.  With  intrusion  prevention  and  vulnerability 
assessment  products  and  services,  Proventia  ESP  reduces  your  overall  risk  and  helps  enable  regulatory  compliance  and  business  continuity.  Only  ISS  keeps  you 
ahead  of  the  threat  with  preemptive  protection  for  your  entire  enterprise.  Download  a  free  white  paper  at  www.iss.net/ESP/CIO,  or  call  1  -800-776-2362. 


($  Internet  Security  Systems® 

Ahead  of  the  threat  ' 

NETWORK  &  HOST  INTRUSION  PREVENTION  I  VULNERABILITY  MANAGEMENT  I  MANAGED  SECURITY  SERVICES 


©2005  Internet  Security  Systems  Incorporated.  All  rights  reserved. 


forum 


i 


OPEN  SOURCE 


IDEAS  &  INSIGHTS  FROM  THE  CIO  EXECUTIVE  COUNCIL  ::  EDITED  BY  CHERYL  ASSELIN 


Tomorrow’s  Forecast: 

Blue  Skies  and  Open  Source 


With  increasing  attention  on  the  possibilities  of  open 
source,  CIOs  have  many  questions  regarding  its 
capabilities,  viability  and  cost  to  the  organization. 

In  May  2005, 12  CIO  Executive  Council  members  came  together 
via  a  conference  call  to  discuss  the  role  of  open  source  in  their 
organizations,  focusing  on  topics  such  as  this  “free”  software’s 
total  cost  of  ownership  (TCO);  making  a  business  case  to  senior 
executives;  the  relationship  with  the  open-source  community, 
which  shares  code  and  answers  support  questions;  and  what 
types  of  projects  are  best  suited  for  open  source. 

Brian  Shield,  moderator  of  the  conference  call,  shared 
insights  gleaned  from  his  experience  at  The  Weather  Channel. 
When  he  arrived  there  in  fall  1998  as  executive  vice  president 
and  CIO,  Shield  found  a  progressive  company  looking  to  create 
technology  products  that  could  support  the  long-term  vision 
of  the  programming  and  advertising  organizations.  Fortu¬ 
nately,  support  for  a  move  to  open  source  already  existed  at  the 
highest  levels  of  the  company,  as  Frank  Batten  Jr.,  then  CEO 
of  Landmark  (The  Weather  Channel’s  parent  company),  was 
an  angel  investor  of  open-source  company  Red  Hat.  Below, 
Shield  outlines  why  The  Weather  Channel  made  the  move  to 
open  source. 

To  rein  in  software  costs.  Shield  realized  he  had  little 
control  of  vendors’  software  licenses  and  maintenance 


fees,  which  were  the  fastest-growing  components  of  his  operat¬ 
ing  costs  on  an  annualized  basis.  He  found  that  open  source 
would  give  his  organization  more  input  in  this  area,  because 
The  Weather  Channel  would  not  be  relying  on  commercial  soft¬ 
ware  solutions  but  on  lower-cost  and  equally  robust  open- 
source  code.  Shield  consulted  his  IT  operations  team  to  figure 

out  where  alternative  open-source 
solutions  could  meet  or  exceed  the 
requirements  of  The  Weather  Chan¬ 
nel’s  multimedia  outlets.  He  then 
evaluated  and  deployed  open-source 
alternatives  that  provided  many  ben¬ 
efits.  For  example,  by  moving  from 
Oracle  to  MySQL,  Shield  was  able  to 
reduce  maintenance  costs.  And  now, 
when  The  Weather  Channel  must 
scale  up  quickly  in  times  of  severe  weather,  Shield  does  not 
have  to  pay  additional  costs. 

To  improve  infrastructure  capability  and 
scalability.  After  Shield  and  his  team  experimented 
with  open  source  in  1999,  they  oversaw  their  first  major  project: 
a  move  to  MICO,  an  open-source  alternative  for  the  system  that 
transmits  weather  data  over  satellites.  Open  source  appeared  to 
be  the  right  move,  but  since  satellites  are  core  to  the  company’s 


BRIAN  SHIELD 

The  Weather  Channel 


[ONE::LINER] 


"In  the  commercial  vendor  world,  you 
are  buying  the  vendor's  vision.  In  the 
open-source  world,  you  have  to  have 
your  own  vision." 


-ANTHONY  HILL,  CTO.  GOLDEN  GATE  UNIVERSITY 


80 


SEPTEMBER  1,  2005  |  www.cio.com 


CHRIS  McCLELLEN 

The  Weather  Channel 


mission,  the  product  had  to  be  reliable.  “Any  outages  would  be 
noticed  on  air.  When  we  asked  other  MICO  customers  about  their 
use,  no  commercial  customers  were  willing  to  say  that  they  had 
actually  used  it  in  production,”  remembers  Chris  McClellen,  vice 
president  of  software  engineering  at  The  Weather  Channel.  The 
team  tested  the  technology  for  six  months,  evaluated  other  open- 
and  closed-source  alternatives,  and  felt  confident  it  would  serve 

their  needs.  According  to  Shield,  the  move 
to  MICO  paid  off,  and  The  Weather  Chan¬ 
nel  experienced  no  downtime.  The 
deployment  lasted  just  a  day  as  MICO 
was  pushed  to  internal  servers.  It  is  still  in 
production  today,  and  more  than  70  mil¬ 
lion  Weather  Channel  consumers  are  able 
to  receive  information  at  any  time  of  the 
day  from  host  servers  running  open- 
source  solutions. 

On  The  Weather  Channel  Interactive  side  of  the  company,  open 
source  provides  huge  benefits.  Today,  Weather.com  is  the  10th- 
largest  website  in  the  world  and  runs  almost  100  percent  on  the 
open-source  database  MySQL.  “With  the  switch  from  a  Sun  Solaris 
environment  to  Linux  on  Intel,  elimination  of  hardware  mainte¬ 
nance,  replacement  of  commercial  software  with  open  source,  and 
the  better  price  and  performance  of  an  Intel  platform,  we  reduced 
costs  by  one-third  and  increased  website  processing  capacity  by  30 
percent,”  reports  Dan  Agronow,  CTO  of  The  Weather  Channel 
Interactive.  Agronow  says  he  has  begun  migrating  other  applica¬ 
tions  to  open  source,  including  Web  servers,  application  servers, 
content  management  and  systems  monitoring, 
ipy  1  To  attract  and  retain  staff. “Today,  when  we  look  at  a 
ts&p  j  technology  need,  our  first  assumption  is  that  the  solution  is 
open  source,”  Shield  says.  The  approximately  25  developers  at  The 
Weather  Channel  and  the  19  developers  at  The  Weather  Channel 
Interactive  share  this  philosophy.  Using  open  source,  staff  can  opti¬ 
mize  technology  from  the  outset  for  a  specific  use  rather  than  rely 
on  commercial  products.  This  environment  helps  attract  and  retain 
IT  staff  by  offering  challenging  opportunities  for  creativity  and 
problem-solving.  As  Shield  notes,  “When  I  scout  new  talent,  I  look 
for  people  who  want  to  raise  the  bar.  My  most  important  interview¬ 
ing  questions  revolve  around  a  candidate’s  capacity  and  desire  to 
learn  more.” 

The  staff  relies  on  the  open-source  community  (in  addition  to 
internal  expertise)  to  answer  support  questions  when  they  arise. 
However,  for  tools  deemed  critical,  Shield  makes  sure  his  staff  has 
the  expertise.  Developers  are  encouraged  to  give  back  to  the  open- 
source  community  from  which  they  take.  In  areas  such  as  graphic 
drivers  and  operating  systems,  Shield  has  no  problem  contributing 
code.  In  fact,  he  has  found  that  after  contributing,  support  ques¬ 
tions  are  better  received. 

-Carrie  Mathews,  Member  Services  Manager,  CIO  Executive  Council 


QDo  you  use  open  source 
as  your  main  operating 
system  in  a  mission-critical 
environment? 

As  an  insurance  company, 
we  need  high  reliability  and 
constant  uptime.  When 
we  moved  our  primary  data 
JACK  ONDECK,  CIO,  center  three  years  ago,  we 
Bristol  West  Insurance  Group  conso|idated  servers  and 

upgraded  our  systems.  During  the  planning  phase,  our 
technical  architect  proposed  converting  our  Microsoft- 
based  operating  systems  to  Linux.  At  the  time,  this  was 
a  radical  concept  because  we  were  discussing  our 
main  production  systems— not  some  ancillary  system. 
After  a  thorough  analysis,  we  decided  to  go  with  Linux. 
After  deployment,  we  realized  that  although  very  few  of 
our  initial  assumptions  were  accurate,  we  gained  addi¬ 
tional  benefits  that  we  had  not  anticipated: 


r.www.... 

The  cost  of  Linux 

will  be  lower. 

"A  •  '■  “  _  = 

J  l  ^  ■  - 

■  ■ 

~s y  '  '*■  Q  ,  -  J-.-J '  , 

. 

Linux  did  not  cost  less.  Because  we 
used  Linux  as  our  main  production 
system,  we  required  an  enterprise 
version,  and  we  also  paid  for  support. 
Support  and  training  costs  turned  out 
to  be  similar  to  those  of  a  Microsoft 

OS.  Additional  Linux  tools  also  may 
cost  more. 

Reliability  and 
performance 
will  be  an  issue 

with  Linux. 

; 

With  the  exception  of  the  usual  startup 
issues,  we  have  not  had  any  reliability 
or  performance  problems  in  three 
years,  even  as  the  volume  and  number 
of  applications  have  increased. 

Is'4'"'/7  **.'  >.  " 

Most  applications 
will  not  run  on 

Linux. 

This  was  not  as  bad  as  we  had  thought. 
Most  of  our  apps  are  Oracle-based, 
and  we  had  little  difficulty  in  transfer¬ 
ring  those.  We  did  find  that  some  ancil¬ 
lary  systems  were  not  compatible. 

Linux  is  less  sus¬ 
ceptible  than  com¬ 
mercial  software  to 

viruses  and  worms. 

This  is  true,  and  that  alone  has  justi¬ 
fied  the  cost  of  our  decision.  We  have 
not  seen  any  Linux-based  threats  in 
three  years. 

www.cio.com  |  SEPTEMBER  1  2005 


31 


THE  CIO  EXECUTIVE  COUNCIL 


THE  CIO  EXECUTIVE  COUNCIL 


OPEN  SOURCE 


t OPEN-SOURCE  CAMPUSES 

How  three  technology  executives  determined  whether  open  source 
should  be  a  critical  part  of  their  on-campus  IT  agendas 


^  Lev  Gonick,  VP  of  IT  services 

and  CIO  at  Case  Western 
Reserve  University,  notes  that 
r  almost  everyone  in  academia  is 

using  some  form  of  open 
source,  but  he  advises  caution. 
“Adopting  an  open-source  strategy  means 
the  difference  between  managing  vendors 
and  managing  ourselves.  I  would  rather 
manage  my  vendors,"  says  Gonick,  also 
cochair  of  the  CIO  Executive  Council 
Higher  Education  Committee.  When  con¬ 
sidering  open-source  tools,  Gonick  recom¬ 
mends  taking  a  good  look  at  things  such  as 
TCO,  security  and  hardware  requirements, 
just  as  with  a  purchased  product.  "Curb 
your  enthusiasm  and  put  open  source 
through  the  same  rigor  as  a  vendor  pro¬ 
posal,”  he  says.  Gonick  leaves  the  door 
open  to  adopting  select  open-source  prod¬ 
ucts  in  the  future  and  salutes  one  of  the 
main  tenets  of  the  open-source  initiative: 
"collaborative  sharing  in  the  pursuit  of 
knowledge." 


Golden  Gate  University 
|  CTO  Anthony  Hill 

V  started  looking  at  open 
r  source  in  2000.  "I 

made  the  business 
^  case  by  citing  the 
advantages  that  we  would  experience- 
cost  savings  and  adherence  to  the  new  IT 
infrastructure  being  put  in  place,”  says 
Hill.  Today,  he  uses  open  source  in  many 
ways,  including  website  architecture,  gen¬ 
eral  application  architecture,  content 
management  and  network  monitoring. 

The  technology  is  highly  flexible,  and  Hill 
has  found  that  working  with  open  source 
has  made  his  five-person  development 
team  more  productive.  Why  has  higher 
ed  become  an  open-source  hot  spot?  Hill 
says  that  in  a  cost-driven  environment 
such  as  academia,  there  is  pressure  to 
build  a  lot  of  advanced  capabilities  on  a 
small  budget.  Also,  the  higher-ed  com¬ 
munity  has  a  strong  propensity  to  collab¬ 
orate  and  celebrate  innovation. 


Curt  Pederson,  CIO 
at  Oregon  State 
University  (OSU)  and 
the  Oregon  University 
System,  and  Scott 
Kveton,  associate  direc¬ 
tor  of  the  Open  Source  Lab  (OSL) 
at  OSU,  started  the  lab  in  February  2004. 
“OSL  combines  the  many  aspects  of  open 
source  that  we  are  involved  in:  use  on  the 
back  end,  development  projects  for  OSU 
and  hosting,”  says  Kveton.  The  university 
has  invested  $500,000  in  the  OSL  and 
reaped  $2  million  in  savings.  One  of  the 
OSL’s  more  high-profile  relationships  is 
its  hosting  arrangement  with  AOL  spin-off 
Mozilla.  Pederson  credits  the  adoption  of 
open  source  as  key  to  recruiting  and 
retaining  IT  talent.  Acknowledging  that 
the  open-source  leaders  of  tomorrow  are 
in  the  classroom  today,  Kveton  created 
the  curriculum  for  and  will  teach  the  first 
open-source  class  offered  in  OSU’s  com¬ 
puter  science departmentthisfall.  -C.M. 


THE  GLOBAL  VIEW 

Worldwide  Momentum  Grows 

One  global  CTO  shares  his  insight 

Bill  McCreary,  global  CTO  at  $5  billion  glass  manufacturer  Pilkington,  uses  open 
source  selectively— a  Linux  OS  on  the  server  side  for  process  control  equipment, 
which  manufactures  and  processes  glass.  His  team  is  regularly  evaluating  expanding 
open  source  into  key  areas  of  his  company,  including  Linux  on  the  desktop  and  open- 
source  bolt-ons  for  ERP. 

In  addition,  during  his  many  travels  around  the  world,  McCreary  sees  growing 
momentum  for  open-source  technology,  especially  in  the  United  Kingdom.  One 
element  that  is  driving  the  open-source  discussion  globally  is  cost  savings.  “The 
Financial  Times  runs  open-source  articles  almost  daily  and  as  a  result,  many  bu¬ 
siness  executives  are  asking  me  about  the  technology,”  says  McCreary.  “Some  of 
them  think  IT  costs  would  go  down  to  zero  if  we  completely  adopted  open  source.” 

Many  people  also  see  open  source  as  a  great  way  to  solve  technology  needs 
without  vendor  companies.  Instead  of  dealing  with  vendors,  businesses  can  rely 
on  the  open-source  community  for  code  and  help  with  problem  resolution. 


The  CIO  Executive  Council  is  a  professional  organization  for  CIOs  founded  by  CIO's  publisher.  To  learn  more  about  the  Council, 
visit  www.cioexecutivecouncil.com  or  contact  Director  of  Program  Development  David  Lien  at  dlien@cio.com  or  508  935-4493. 


OPEN  SOURCE 
ON  THE  RISE 

7% 

say  it  is 

a  critical  component 
of  projects  today. 

12o/o 

say  it  will  play  an 
important  role  in 
projects  in  the 
next  year. 

SOURCE:  “The  Bold  100  Honoree  Survey,” 
2005,  CIO  magazine 


82 


SEPTEMBER  1,  2005  |  www.cio.com 


Without  Akamai,  there  is  no  way 
that  a  100%  increase  in  online 

'  ZLM  ~~  -r "■****$  4'*  ■J-'*  7.  if  J 

*-  -»j~-  u*  >r;„  i  r  -  5  ■*'  +  ■'  >>?• ■ 

bookings  would  have  occurred. " 

IVl  Cathay  Pacific 


Scott  Ohman,  Manager, 

E-Business  Commercial,  Cathay  Pacific  Airways 


Cathay  Pacific  trusts  Akamai  to  deliver  more  online  bookings 

Akamai  delivers  more  than  content.  We  deliver  improved  performance  of  Cathay  Pacific's  dynamic 
online  applications,  allowing  passengers  and  agents  to  book  travel  and  check-in  for  reservations 
online  with  ease.  We  deliver  hundreds  of  thousands  of  dollars  in  infrastructure  cost-savings,  enabling 
Cathay  Pacific  to  handle  increased  application  usage  without  investing  in  hardware.  Akamai  delivers 
customer  loyalty,  the  ability  to  handle  traffic  spikes,  and  the  flexibility  for  future  growth. 


To  learn  more  visit  www.akamai.com/WebApplications 
to  see  a  Webcast:  Accelerating  Dynamic  Web  Applications 
Featuring  Forrester  Research  Analyst  Thomas  Mendel 


Forrester 


The  Trusted  Choice 
for  Online  Business 


©2005  Akamai  Technologies,  Inc.  All  Rights  Reserved.  Akamai  and  the  Akamai  logo  are  registered  trademarks. 


FROM  THE  PUBLISHER 


THE  RESOURCE  FOR  INFORMATION  EXECUTIVES 


Howto  Sell 

As  CIOs  are  tasked  with  helping  to  grow  the  business, 
they  need  to  become  adept  at  selling  IT 

Several  weeks  ago  I  spoke  to  the  sales  force  of 
a  major  software  vendor.  My  topic:  best  practices 
for  the  technology  sales  staff.  Many  of  my  sug¬ 
gestions  were  distilled  from  advice  I  had  culled 
from  several  leading  CIOs. 

Around  the  same  time,  several  CIO  magazine 
research  reports  came  to  the  same  conclusion: 
Marching  orders  to  grow  the  business  are  land¬ 
ing  on  the  CIO’s  desk.  This  means  that  corner 
offices  across  America  are  becoming  increasingly 
receptive  to  bold  technology  initiatives. 

It  struck  me  that  the  “how  to  sell  me”  advice  I  gave  to  that  technology  sales 
force  just  might  be  useful  to  CIOs  as  well,  as  they  switch  to  growth  agendas  and 
put  on  their  selling  shoes  to  convince  other  C-level  colleagues  of  the  value  of  IT. 
So  here’s  some  advice  for  CIOs  embarking  on  the  challenge  of  helping  to  drive  the 
business  with  IT: 

■  Speak  the  language  of  business  value.  Show  how  your  FY2006  proposals 
will  strengthen  brand  equity,  increase  shareholder  value,  and  improve  cus¬ 
tomer,  partner  and  employee  satisfaction. 

■  Know  your  own  company’s  business  but  also  demonstrate  that  you  have  a 
keen  understanding  of  your  competitors  and  the  overall  challenges— and 
opportunities— of  your  vertical  industry. 

■  When  you  meet  with  the  executive  committee  for  that  final  one-hour  presen¬ 
tation,  assume  you  will  get,  on  average,  five  to  seven  minutes  of  real  attention. 
Don’t  bury  your  main  value  proposition  late  in  a  50-slide  PowerPoint  deck. 

■  Be  prepared  to  show  the  change  dynamics  of  your  proposal.  How  will  it 
help  the  business  grow? 

■  Be  honest  about  the  limitations  of  your  proposal.  Come  prepared  with  exam¬ 
ples  of  trusted  references  who  have  done  what  you  plan  to  do. 

Yes,  the  times  they  are  a-changin’.  Growing  the  top  line  is  back  in  vogue.  Have 
fun  selling  your  growth  agendas.  And,  as  Rob  Carter,  executive  vice  president  and 
CIO  for  FedEx,  said  to  me:  “Keep  your  selling  shoes  looking  good!” 


CL 

< 

X 

o 

m 

co 


co 

O 

y— 

O 

X 

CL 


84  SEPTEMBER  1,  2005  |  www.cio.com 


president  and  ceo  Michael  Friedenberg 

editorial  director  Lew  McCreary 
publisher  Gary  J.  Beach 

CXO  MEDIA 

CIRCULATION 

svp,  circulation  Carol  A.  Spach 
ciRC.  dir.  Faith  Marcello 

subscription  svcs.  supervisor  Tina  Pescaro 

CIO  EXECUTIVE  COUNCIL 

GENERAL  MANAGER  Mark  Hall 
MANAGING  DIR.,  CONTENT  DEVELOPMENT  Richard  Pastore 

program  director  Shaw  Lively  dir.,  external 
relations  Karen  Fogerty  dir.,  program  development 

David  Lien  director  of  research  Michael  Swenson 

marketing  communications  manager  Jennifer  Baker 

MGR.  OF  OPERATIONS  AND  PROJECT  MGMT.  Jean  Costello 

dir.,  event  strategy  and  planning  Thomas  Bliss 
member  services  managers  Michael  Fahlsing,  Bill 

Golden.  Came  Mathews.  Bill  Roche  senior  program 
managers  Stephen  Buckler,  Ross  Chapin.  Patrick 
Clarke,  Robert  Graham,  Andy  Kerr,  Amanda  Neal.  Steve 

Rovmak  program  manager  Jennifer  Riley  operations 
coordinator  Darcy  Chamberlain 

EXECUTIVE  PROGRAMS 

vp,  conference  mgmt.  Cynthia  Mollus 
director  of  marketing  Mary  Cardwell 
dirs.,  business  development  Chris  Mattoon,  John 
Vulopas  dir.,  event  planning  Amy  Turell  conference 
manager  Judith  Kittredge  program  ops.  mgr.  Brian 
Fuce  event  planner  Sarah  Yee  designer  Andrea 
Slobogan  client  relations  associate  Lisa  Byron 
client  services  specialist  Cress  O'Brien 

ONLINE 

general  manager  David  Churbuck 
e-commerce  mgr.  Andrew  Burrell  online  analyst 

Shannon  MacDonald  online  producers  Todd  Borglund. 
Bill  Hall,  Jennifer  McCarthy,  Joe  Nguyen 

online  production  specialist  Rupal  Patel 

INFORMATION  SYSTEMS 

cio  Mark  Hall  dir.,  i.t.  Dagmar  Eiben  infrastructure 
manager  James  C.  Burgoyne  user  services  manager 
Ron  Bettencourt  sr.  i.t.  specialist  Jonathan  Frappier 
system  administrator  Robert  Reagan  user  services 
specialist  Gloria  Lam  sr.  web  developers  Sean 
McCracken.  Ellen  Morey 
assoc,  web  developer  Anthony  Servideo 

PRODUCTION 
vp.  manufacturing  Chris  Cuoco 
production  manager  Heidi  Broadley 
associate  production  manager  Lisa  M.  Stevenson 

MARKETING 

evp/cmo  Cathy  O'Leary  Hayes  svp.  news  &  information 
Susan  Watson  program  administrator  Lori  Piscatelli 
publicist  Rick  Sheehy  dir.,  marketing  research 
Bridget  Cammarata  marketing  research  managers 

Carolyn  Johnson,  Dylan  DiGregorio 

SR.  DIRECTOR.  MARKETING  COMM.  Sue  YanOVitch 

sr.  marketing  comm,  specialist  Susan  Maloney 
marketing  comm,  coordinator  Lynn  Holmlund 

ADMINISTRATION 

dir.,  finance  Margarita  Chiango  finance  &  operations 
analyst  Chris  Bernardi  executive  assistant 
to  the  president  Diane  Martin  billing  specialist 

Joyce  Gillis  facilities  specialist  John  Kelley 

office  services  coordinator  Mary  E.  Wooldridge 

HUMAN  RESOURCES 

vp,  human  resources  Patricia  Chisholm 

human  resources  director  Tanya  Bureau 
sr.  hr  representative  Beth  S.  Ramistella 


CXO\,MEDIA  INC 


INTERNATIONAL  DATA  GROUP 

ceo  Pat  Kenealy 

board  chairman  Patrick  J.  McGovern 


4TBPA 


■  Miiain- 


Document  Products  and  Services 


Broadest  reach. 

Flat-out  performance.  No  limits. 

Nothing  gets  past  you  when  you  use  leading-edge  products  from  Kodak  to  capture,  manage,  archive  and  deliver 
your  critical  business  information.  Create  high-quality  images  of  even  the  most  challenging  documents  using 
Perfect  Page  Scanning  with  [Thresholding.  Effortlessly  go  from  paper  to  digital  to  film  and  back  again.  All  made 
possible  by  the  broadest  range  of  scanners  and  reference  archive  equipment  on  the  market.  And  all  backed  by 
one  of  the  largest  and  most  experienced  sen/ice  and  support  organizations  in  the  industry.  For  data  accountability, 
compliance,  security,  convenience— and  no  limits— team  up  with  Kodak. 

For  more  information,  visit  www.kodak.com/go/docimaging  or  call  1-800-944-6171. 


©  Kodak,  2005.  Kodak  is  a  trademark  of  Kodak. 


Kodak 


SALES  AND  SERVICES 


-ti 


CIO  SALES  OFFICES 

President  and  CEO 

Michael  Friedenberg  •  508935-4310 

Publisher 

Gary  J.  Beach  •  508  935-4202 

Executive  VP  Sales/Custom  Publishing 

Ellen  Romanow  •  508  935-4796 

VP  Sales  and  Integrated  Solutions 

Bob  Melk*  415  975-2685 

EAST  COAST 

Regional  Sales  Director 

Kathy  Powers  •  201 634-2331 
Regional  Sales  Manager 
El  lie  Schwab  •  201 634-2332 
Account  Executive 
Joan  Bonadeo  •  201 634-2328 
Senior  Sales  Associate 
Rhonda  Goodman  •  201 634-2329 
Fax  •  201 634-9513 

NEW  ENGLAND 

Senior  District  Sales  Manager 

Andrew  Flaney  •  508  935-4586 
Sales  Operations  Manager 

Dawn  Cora  •  508  935-4092 
Fax -508  879-6063 

SOUTHCENTRAL 

Regional  Director/ Advertising  Sales 

Robert  E.  Sawdon  •  512  306-9801 
Account  Executive 

Brenda  Garza  •  512  306-9801 
Fax  •  512  306-9805 


NORTH  CENTRAL 

Senior  District  Sales  Manager 

Beth  DeVillez  •  847  759-2727 
Advertising  Sales  Associate 

Kim  Giovanni  •  847  759-2728 
Fax -847  759-2729 

WEST COAST 

Senior  Regional  Sales  Manager 

Ai  Collins  *415  975-2686 
Regional  Sales  Manager 
Kevin  Ebmeyer  •  415  975-2684 
Account  Executive 
Derek  Jung  •  415  975-2683 
Fax  •  415  543-2358 
Senior  Account  Executive 
Sara  Mascall  •  415  978-3385 

SOUTHERN  CALIFORNIA 

Regional  Sales  Manager 

Kevin  Ebmeyer  •  415  975-2684 

LIST  SERVICES 

List  Services  Director 

Kathryn  A.W.  Marston  •  508  935-4072 

List  Services  Account  Executive 

Stephanie  Roy  •  508  935-4151 

ONLINE  SERVICES 

VP/Online  Sales 

Lisa  Brown  •  508  935-4470 

Western  Online  Sales  Manager 

Jennell  Hicks  •  415  243-8585 
Online  Account  Executive 

Danielle  Tetreault  •  508  988-6770 


CUSTOM  PUBLISHING 

Group  Director 

Michael  Siggins  •  508  988-6763 
Director  Mary  Gregory  •  508  988-6765 

Director  of  Content  Development  Tom  Field 
Assoc.  Director  of  Content  Development 

Anne  Stuart 

Senior  Project  Manager  Amy  Greenleaf 
Project  Managers 
John  Danielowich,  Jon  Heinrich 
Associate  Project  Manager 

Michelle  Sooknanan 

REPRINT  SERVICES 

For  article  reprints  (100  quantity  or  more), 
please  contact  Jesse  Levy  at  PARS 
International  at  212  221-9595  xl23  or 
via  e-mail  at  jesse@parsintl.com. 

CIO  IS  PUBLISHED  IN  THE 
U.S.  AS  WELL  AS  IN: 

Australia,  CIO  Australia  www.idg.com.au 
Canada,  CIO  Canada  www.lti.on.ca/cio 
China,  CEO  &  CIO  China  www.ceocio.com.cn 
France,  CIO  France  www.idg.fr/cio 
Germany,  CIO  Germany  www.cio.de 
India,  CIO  India  91-80-521-0309/1 2 
Japan,  CIO  Japan  www.idg.co.jp 
The  Netherlands,  CIO  Netherlands  www.cio.nl 
New  Zealand,  CIO  New  Zealand  www.idg.co.nz 
Norway,  CIO  Business  Standard 
www.business-standard.no 
Poland,  CXO  Poland  www.cxo.pl 
Singapore,  CIO  ACEN/Hong-Kong 
www.idg.com.sg 

South  Korea,  CIO  Korea  www.cio.seoul.kr 
Sweden,  CIO  Sweden  www.cio.idg.se 


For  further  sales  information,  visit 

www2.cio.com/marketing/aboutcio/ 

contacts.cfm. 


INDEX  OF  COMPANIES  AND  ADVERTISERS 


Page  numbers  refer  to  the  first  page  of  the  article(s)  in  which  the  company  has  a  substantial  mention. 

This  index  is  provided  as  a  service  to  readers.  The  publisher  does  not  assume  any  liability  for  errors  or  omissions. 


COMPANY  INDEX 

Aetna  Inc . 23 

Alston  &  Bird  LLP . 64 

Bain  &  Co . 23 

Bank  One  Corp . 64 

BMC  Software  Inc . 46 

Booz  Allen  Hamilton  Inc . 46 

Cisco  Systems  Inc . 34 

Computer  Associates  International 

Inc . 46 

Cutter  Consortium . 64 

Deloitte  Consulting  . 64 

Delta  Air  Lines  Inc . 23 

FedEx  Corp . 84 

Finisar  Corp . 46 

First  American  Corp.,  The . 23 

Ford  Motor  Co . 23 

Forrester  Research  Inc.  . .  23.  42,  46 

Gartner  Inc . 42,  46,  64 

Habitat  for  Humanity  International 

Inc . 23 

Hartford  Life  Inc . 23 


IBM  Corp . 10,  64 

JPMorgan  Chase  &  Co . 10,  64 

Li  &  Fung  Ltd . 34 

Lockheed  Martin  Corp . 23 

McKinsey  &  Co . 34,  74 

MeadWestvaco  Corp . 46 

Meta  Group  Inc . 64 

Mine  Safety  Appliances  Co.  ....  23 

Motorola  Inc . 23 

Noblestar  Systems  Corp . 46 

Old  Mutual  PLC . 23 

Ounce  Labs  Inc . 23 

Pacific  Gas  and  Electric  Co . 23 

Pershing  LLC . 46 

PricewatertiouseCoopers 

International  Ltd . 46 

Progressive  Corp.,  The . 74 

Prudential  Financial  Inc . 23 

SAP  America . 46 

Southern  Co.  . 23 

TheLadders.com  . 23 

Trestle  Group . 64 


U.S.  Geological  Survey  . 23 

Valuedance  . 42 

Weather  Channel  Interactive  Inc., 

The  . 80 

Xerox  Corp . 34 


Zurich  American  Insurance  Co.  .  74 

ADVERTISER  INDEX 


Akamai  Technologies  Inc . 83 

Captaris  Inc . C2 

Cingular  Wireless . 4 

Cognos  Inc . 32 

CXO  Media  Inc . 49,  73,  87 

EMC'  Corp . 59.  6L  63 

ESRI . 29 

F5  Networks  Inc . 19 

Fujitsu  Computer  Systems  Corp.  .  77 

GridWorld  Boston  2005 . 25 

Hewlett-Packard  Co . 45 


Hitachi  . 16 

Integrien  Corp . 72a 

Internet  Security  Systems . 79 

KODAK  Service  &  Support  ....  85 

Kyocera  Mita  Corp . 43 

LaSalle  Bank  . 31 

Microsoft  Corp . 20.  41 

MicroStrategy  Inc . 69 

MRO  Software  Inc . C3 

Novell  Inc . 35.  37,  39 

Palm  Inc . C4 

Pillar  Data  Systems  Inc . 24a 

Primavera  Systems  Inc . 15 

Riverbed  Technology  Inc . 7 

Robert  Half  International  . 11 

Samsung . 2 

SAP  . 27 

SAS  . 22 

Siemens  Corp . 48a 

Sterling  Commerce  . 12 

SunGard  Availability  Services  ...  71 
Sybase . 8 


i 


C/O  CONTACT 
INFORMATION 

Editorial,  Advertising  and  Business 
Offices:  CXO  Media  Inc.,  492  Old 
Connecticut  Path.  P.0.  Box  9208, 
Framingham.  MA  01701-9208, 
508872-0080. 

C/O  (ISSN  0894-9301)  is  published 
semimonthly  and  as  a  combined 
issue  Dec.  15/Jan.  1  by  CXO  Media 
Inc.  Periodicals  postage  paid  at 
Framingham,  MA,  and  at  additional 
mailing  offices.  Canada  Publications 
Mail  Agreement  Number  1902075. 
CANADIAN  POSTMASTER:  Please 
return  undeliverable  copy  to  P.0.  Box 
1632,  Windsor,  ON  N9A  7C9. 

Permissions:  Copyright  2005  by 
CXO  Media  Inc.  All  rights  reserved. 
Reproduction  of  material  appearing 
in  CIO  is  forbidden  without  written 
permission.  Send  all  requests  to 
Permissions  Department,  CIO. 

492  Old  Connecticut  Path. 

P.O.  Box  9208,  Framingham.  MA 
01701-9208. 

Photocopy  Rights:  Permission  to 
photocopy  for  internal  or  personal 
use  or  the  internal  or  personal  use  of 
specific  clients  is  granted  by  CIO  for 
users  through  the  Copyright  Clear¬ 
ance  Center,  provided  that  the  base 
fee  of  $3  per  copy  of  the  article,  plus 
$.50  per  page  is  paid  directly  to 
Copyright  Clearance  Center,  27 
Congress  Street.  Salem,  MA  01970. 
Please  specify:  ISSN  0894-9301. 
Permission  to  photocopy  does  not 
extend  to  contributed  articles 
followed  by  this  symbol:  %. 

Subscriptions:  CIO  is  free  to 
qualified  information  executives.  To 
apply,  use  our  online  subscription 
form  at  www.subscribe.cio.com. 
Subscriptions  are  also  available  on 
a  paid  basis  at  a  rate  of  $95  for  the 
United  States  and  Canada.  $195 
International  (payable  in  U.S.  funds 
only)  and  may  be  ordered  online  at 
www.subscribe.cio.com/services.html. 
Or  address  inquiries  to  CIO.  P.O. 

Box  489,  Northbrook.  IL  60065- 
0489;  866  354-1125.  Please  allow 
four  to  six  weeks  for  a  new  subscrip¬ 
tion  to  begin.  The  single  copy  price 
is  $9  for  the  United  States  and 
Canada,  and  $15  International. 
Prepayment  is  required,  payable  in 
U.S.  funds. 

Change  of  Address:  Please  go  to 
www.omeda.com/custsrv/cio  and 
follow  the  online  instructions. 

Postmaster  Send  change  of 
address  to  CIO.  P.O.  Box  489, 
Northbrook.  IL  60065-9816. 

Printed  in  the  U.S. A. 


86 


SEPTEMBER  1,  2005  |  www.cio.com 


It’s  OK  to  show  off  to  your  friends 
that  you  were  in  CIO. 


But  it 'seven  better  to 
show  your  customers. 


What  better  way  to  inform  your  key  customers 
of  your  editorial  coverage  in  CIO  than  through 
customized  Editorial  Reprints? 

Leverage  the  positive  impact  of  your  editorial 
coverage  by  using  reprints  for  direct  mail 
campaigns,  seminar  promotions,  employee 
communications,  recruiting  and  marketing  pro¬ 
grams.  Let  us  enhance  your  reprints  with  your  company’s  logo, 
address,  and  sales  message.  Reprints  make  great  SALES  tools  for 
trade  shows,  mailings  or  media  kits. 


And  while  a  framed  copy  of  your 
article  will  look  neat  on  your  wall,  it 
will  look  even  better  in  the  hands  of 
your  customers. 


The  Resource 
for  Information 
Executives 


pArJs 


■  Ancillary  ||  j|g|M| 

Revenue  ■ 

_ Services  —  — 

[INTERNATIONAL  CORP  | 

|  MANAGED  REPRINT  PROCRAMS| 


For  more  information  on  customized  editorial  reprints  in  volume  quantities, 
contact  Jesse  Levy  at  212.221.9595  xl23  or  email  jesse@parsintl.com. 
Website:  www.magreprints.com/quickquote.asp 


09.01.05 


Pershing  CIO  Suresh  Kumar:  "With  ITIL, 
we  can  assess  how  we  are  performing  at 
any  point  in  time.  As  a  result,  we  can 
continuously  improve  our  processes.” 

46 | COVER  STORY 
ITIL  POWER 

THE  INCREASED  FINANCIAL  over¬ 
sight  mandated  by  the  Sarbanes-Oxley 
Act  and  the  need  to  demonstrate  IT’s 
contributions  to  the  enterprise  in  an  era 
of  outsourcing  are  two  reasons  CIOs 
are  looking  harder  at  process  frame¬ 
works  for  running  IT.  The  Information 
Technology  Infrastructure  Library 
(ITIL),  a  collection  of  best  practices  for 
IT  operations  developed  by  the  British 
government,  is  rapidly  gaining  adher¬ 
ents  in  the  United  States.  What  sets 
ITIL  apart  is  its  strict  focus  on  IT  oper¬ 
ations:  IT  departments  using  ITIL  can 
greatly  improve  their  quality  of  service, 
including  increased  system  uptime, 
faster  problem  resolution  and  better 
security.  But  putting  ITIL  in  place  isn’t 
easy.  CIOs  who  have  done  it  say  the 
process  change  is  so  substantial  that 
progress  is  measured  in  years  rather 
than  months.  By  Ben  Worthen 


54  1  CHEAP,  FAST  OR  SECURE-PICK  TWO 

THE  UNITED  STATES  VISITOR  and  Immigrant  Status  Indicator  Technology 
(US-Visit)  system  was  one  of  the  prime  measures  Congress  mandated  after  9/11 
to  protect  the  nation  from  terrorists.  In  deploying  the  system,  the  US-Visit  team 
met  its  deadlines  and  stayed  within  its  budget.  But,  of  course,  the  true  measure 
of  the  program’s  success  will  be  its  ability  to  keep  terrorists  out  of  the  country. 
Unfortunately  US-Visit  has  yet  to  develop  a  system  that  will  verify  that  a  foreign 
visitor  has  left  the  country  when  he’s  supposed  to.  As  a  result,  the  government 
still  doesn’t  know  whether  foreigners  are  overstaying  their  visas,  as  some  of  the 
9/11  hijackers  did.  US-Visit  CIO  Scott  Hastings  acknowledges  that  rolling  out  a 
workable  system  on  time  meant  making  trade-offs  in  standard  project  manage¬ 
ment  practices  and  cobbling  together  a  bunch  of  legacy  applications  and  networks. 
Consequently,  the  system  will  now  require  repeated  code  changes  as  new  require¬ 
ments  are  added.  The  US-Visit  program  reflects  the  reality  of  these  compromises 
and  the  deadline  pressures  that  made  them  necessary.  By  Allan  Holmes 


64  |  BACKSOURCING  PAIN 

AFTER  JPMORGAN  CHASE  MERGED  with  Bank  One,  it  decided  to  end  its  $5  bil¬ 
lion  outsourcing  deal  with  IBM  and  bring  its  IT  back  home.  Among  the  consequences 
were  a  decline  in  productivity  and  poor  morale  among  some  of  those  employees  who 
had  been  sent  to  IBM  and  then  brought  back.  The  process  has  devoured  years  of  man¬ 
agement  time  and  attention,  as  JPMorgan  managers  first  prepared  the  organization 
for  outsourcing  and  then  reorganized  it  for  backsourcing,  slowing  the  implementation 
of  some  new  IT  projects.  JPMorgan’s  experience  stands  as  a  cautionary  tale  for  CIOs 
contemplating  large  outsourcing  deals.  By  Stephanie  Overby 


74  |  TERMS  OF  ALIGNMENT 

ZURICH  NORTH  AMERICA  Small  Business  CEO  Ray  Thomas  sees  IT  as  key 
in  driving  the  insurance  company’s  goals  of  grabbing  more  market  share  and 
expanding  the  number  of  agents  who  sell  its  policies.  The  commercial  property 
and  casualty  organization  is  a  business  unit  within  Zurich  North  America.  It 
deployed  a  Web-based  underwriting  system  in  1999  that  has  helped  the  company 
triple  its  annual  revenue.  In  this  “View  from  the  Top”  interview,  Thomas  describes 
how  he  sees  IT  investments  as  crucial  to  Zurich’s  success,  but  also  how  he  keeps 
a  tight  rein  on  IT  spending.  For  instance,  he  pushes  his  direct  reports  and  his  IT 
team  to  work  together  to  jettison  projects  that  aren’t  meeting  deadlines  and  won’t 
yield  big  payoffs.  He  also  shares  his  secrets  for  successful  IT  projects  and  his  wari¬ 
ness  about  outsourcing.  By  Elana  Varon 


88 


SEPTEMBER  1.  2005  |  www.cio.com 


PHOTO  BY  PETER  MURPHY 


What  if  your  assets  had  appreciating  value  instead  of  depreciating  value? 

With  Maximo  Enterprise  Suite,  you  can  see  the  performance  of  all  your  assets  through  a  world-class  work  management 
system.  So  you  can  make  every  stage  of  every  asset  life  cycle  more  valuable.  And  gain  the  information  and  the  control  you 
need  to  more  closely  align  your  transmission,  distribution,  and  generation  assets  with  your  business  strategies.  To  learn  more 
about  our  Strategic  Asset  and  Service  Management  solutions,  visit  maximoenterprise.com/cio  or  call  800-326-5765. 

COUNTED  CONTROLLED  MAXIMIZED 


®2005  MRO  Software,  Inc.  All  rights  reserved.  Maximo  is  a  registered  trademark  and  MRO  Software  is  a  trademark  of  MRO  Software,  Inc 


It's  time  to 
downsize  downtime. 

It's  time  for  work  to 
have  a  flexible  address. 


It's  time  for  Treo. 


_ 

« ii  nay  ( 

Rkk  Vocatioo  in  itdy 

•jSiSSr*"— 

Meeting  (Moscow) 

Compos*  i.-iT 


For  the  first  time,  Treo,  Sprint,  and  Good  come  together  to  deliver  an  end-to-end  mobile  solution  for  business. 

The  Sprint  PCS  Vision  Smart  Device  Treo  650-powered  by  Intel®  Mobile  Media  Technology-combines  phone, 
email  and  web  access*  with  the  Sprint  Nationwide  PCS  Network.  Plus,  GoodLink  means  real-time  wireless 
access  to  Microsoft  Outlook  for  all  email,  calendaring,  notes,  and  attachments. 


Call  1-888-730-3282  by  Sept.  10  to  take 
advantage  of  special  offers. 

Treo  Good  Sprint 


•Wireless  service  plan  required.  Email  and  web  require  wireless  data  services  and  additional  charges  apply.  Coverage  not  available  everywhere.  Devices  available  from  participating 
markets  and  may  change  depending  on  availability.  Offer  subject  to  change.  May  not  be  combinable  with  other  offers.  Screen  image  simulated.  ©2005  Palm,  Inc.  All  rights 
reserved.  Palm  and  Treo  are  among  the  trademarks  or  registered  trademarks  owned  by  or  licensed  to  Palm,  Inc.  Sprint,  the  diamond  logo,  and  all  Sprint  trademarks  are  property  of 
Sprint  Communications  Company  L.P  Good,  Good  Technology,  the  Good  logo,  and  GoodLink  are  trademarks  or  registered  trademarks  of  Good  Technology,  Inc.  All  other  marks  are 
property  of  their  respective  owners. 


